In a recent article at Outlaw.com, Laura Gillespie has a reminder on the usefulness of legal privilege in investigating and managing data breaches:
When data breach incidents occur and businesses begin internal investigations they are unlikely to know precisely what conclusions they will reach. It is clear that documents created following a serious, adverse incident could have far reaching implications in any subsequent litigation or prosecution
She goes on to recommend:
- Having a pre-prepared plan (and a pre-selected team) for investigating and managing data breaches
- Ensuring only the designated team can access documents relating to investigation/management of a breach
- Limiting the extent to which these documents are circulated to any broader group
Link (Outlaw.com): Data breach management – making use of legal privilege