Using legal privilege to investigate and manage data breaches

In a recent article at, Laura Gillespie has a reminder on the usefulness of legal privilege in investigating and managing data breaches:

When data breach incidents occur and businesses begin internal investigations they are unlikely to know precisely what conclusions they will reach. It is clear that documents created following a serious, adverse incident could have far reaching implications in any subsequent litigation or prosecution

She goes on to recommend:

  • Having a pre-prepared plan (and a pre-selected team) for investigating and managing data breaches
  • Ensuring only the designated team can access documents relating to investigation/management of a breach
  • Limiting the extent to which these documents are circulated to any broader group

Link ( Data breach management – making use of legal privilege