The outlines of the attorney-client privilege and work-product doctrine are well-established. But how should they apply when an organizational client suffers a cybersecurity event or other intrusion that results in a data breach?  Should information about the company’s security policies pre-breach and its post-breach response be given any enhanced protection? Under what circumstances?

The questions

Many litigation lawyers know about the “litigation privilege” (sometimes called the “judicial privilege”).  The doctrine operates to immunize lawyers from liability for statements  made during the litigation process that are related to the litigation, even if they injure an opposing party.  (Here’s a 2015 Hofstra Law Review article that provides an overview.)

But lawyers

As we’ve noted before (here and here), the ethical duty of confidentiality is broad, and can even cover publically-available information.  Now comes a reminder that based on the confidentiality rule you should obtain consent  before using your client’s name in marketing materials — and that some jurisdictions go even farther.  For instance, South

We’ve written before about “web bugs” — tracking devices consisting of an object embedded in a web page or e-mail, that unobtrusively (usually invisibly) reveal whether and how a user has accessed the content.  Three jurisdictions (Alaska, New York and, most recently, Illinois) have issued opinions pointing to the ethics

Everyone knows that we have an ethical duty of competence, and in most jurisdictions this includes a duty to be aware of the “benefits and risks” of relevant technology.  Examples of possible technology issues affecting our practices:  encryption (and cyber-security in general), cloud storage, e-mail handling, the internet of things — there

A federal district court refused last week to disqualify a Connecticut lawyer in a suit against Yale University, even though finding a violation of the state’s version of Model Rule 4.2, the “no contact rule.”  Although ruling that disqualification was too extreme a sanction, the court ordered the turnover of interview notes from the

Picture this:   You’re travelling across U.S. borders, heading home from a client meeting abroad.  However, unlike other trips, this time a Customs and Border Protection agent requests that you unlock and hand over for inspection your computer and cell phone — full of client confidential information.  You’ve been concerned about this issue, and so you’ve

Confession:  I’m a lawyer who’s married to a lawyer.  If that’s your situation too, then you know some of the challenges — how life at home falls apart when you both have trials scheduled; the strain on the budget in those early days when you’re paying off two sets of law school loans; playing rock-paper-scissors

What are your ethics obligations when your client gives you documents that the client may not be entitled to have?  Model Rule 4.4(b), adopted in some form by most jurisdictions, provides some guidance.  Applying it, together with other principles, a New Jersey appeals court, in an unpublished ruling, recently disqualified a firm from