Protecting Privilege in Cyberspace: The Age of COVID-19 and Beyond

March 12, 2021

The ongoing COVID-19 pandemic has accelerated companies’ reliance on outside consultants to proactively secure not only their virtual workspaces against cyberattacks, but also their physical workplaces from contagions and other threats. However, should litigation arise following an adverse event such as a data breach or COVID-19 outbreak in the workplace, the work of these consultants may become critical evidence against the very organization it was intended to protect.   

When such litigation arises, savvy plaintiff’s lawyers will almost always seek discovery of any analyses or reports performed by outside counsel in advance of, or following, such incidents. The question then becomes whether reports prepared by those outside consultants—either before or after the precipitating event—are discoverable or instead protected by the attorney-client privilege or work-product doctrine.

 In “Protecting Privilege in Cyberspace: The Age of COVID-19 and Beyond,” found here Otterbourg’s Melanie Cyganowski, Erik Weinick, and Aisha Khan, answer this question through an examination of relevant case law. They also recommend best practices for the retention of outside consultants to maximize the chances that their work product remain shielded during discovery in any subsequent litigation.

It is clear that regardless of whether the consultants’ work is proactive or reactive, simply copying counsel on correspondence is not sufficient to ensure the applicability of some type of privilege or “legal shield.” At the very least, consultants should be retained through outside counsel (not just in-house counsel) and their work parameters should be clearly defined.

 For more information about Otterbourg’s Privacy & Cybersecurity practice, please contact Erik Weinick at