private detective desk with envelopes labeled as confidentialThe COVID-related increase in the number of employees working remotely has created an unexpected consequence: heightened risk of cyberattacks as employees are logging on to office networks through personal computers which may not be as secure as office environments. Inasmuch as it often takes six months or more for the unprotected business to realize that it has been violated, many of the intrusions which have already occurred have yet to surface, likely leading to a spate of ancillary litigation during 2022.

When a lawsuit related to such an intrusion inevitably occurs, counsel's first call will likely be to a cybersecurity company that can provide potential expert witness services on the "5Ws" (who, what, where, when and why) concerning the attack. Oftentimes, the violated company may not have cybersecurity services in place prior to the intrusion, and the retention of the expert will originate with counsel. But what occurs when a cybersecurity vendor is already in place at the time the attack occurred prior to counsel's retention? How can counsel coordinate with a vendor to prepare for trial and gain a technical understanding—which is cloaked by privilege—such that the corresponding reports are shielded from disclosure?

Qualifying for the benefits of the Work Product Doctrine is essential to ensure that documents and communications remain shielded from disclosure during discovery. However, courts generally disfavor assertions of evidentiary privileges because they shield evidence from the truth-seeking process; as such, these privileges are confined to the narrowest limits. Thus, proper formalities must be implemented to avoid the waiver of the protections afforded by the Work Product Doctrine.