Law firms offer cybersecurity advice and attorney-client privilege to hacked companies
Law firms are getting involved as companies investigate hacker incidents, providing attorney-client privilege to shield the findings in future lawsuits.
The Wall Street Journal (sub. req.) has a story on the trend. In one example, Nationwide Insurance hired Ropes & Gray after a hacker obtained personal details about 1 million people from the insurer. In another, Alston & Bird hired a former Justice Department lawyer in January to head its security-incident and management-response team. The lawyer, Kimberly Peretti, was a senior lawyer in the department’s Computer Crime and Intellectual Property Section.
Mike Dubose, who leads Kroll Advisory Solutions’ cyberinvestigations practice, advises clients to hire a law firm before it hires Kroll. He explained that a client who hires Kroll directly probably won’t be protected by attorney-client privilege.
“What a company does not want is its investigation or due diligence, undertaken with the best of intentions, to be used against it in litigation,” Dubose told the Wall Street Journal.
Law firms also help the companies abide by state and federal laws on disclosure after a hacker accesses computer records, the story says.