In a recent article at Outlaw.com, Laura Gillespie has a reminder on the usefulness of legal privilege in investigating and managing data breaches:

When data breach incidents occur and businesses begin internal investigations they are unlikely to know precisely what conclusions they will reach. It is clear that documents created following a serious, adverse incident could have far reaching implications in any subsequent litigation or prosecution

She goes on to recommend:

• Having a pre-prepared plan (and a pre-selected team) for investigating and managing data breaches
• Ensuring only the designated team can access documents relating to investigation/management of a breach
• Limiting the extent to which these documents are circulated to any broader group

Link (Outlaw.com): Data breach management – making use of legal privilege