Another Sedona Conference Commentary Published: eDiscovery Best Practices
Last week, I discussed two public comment publications from The Sedona Conference® (TSC) from last year that were published in final form over the past few weeks. Now, TSC has announced a new publication from and its Working Group 11 on Data Security and Privacy Liability (WG11) that evaluates the application of the attorney-client privilege and work-product protection doctrine to an organization’s cybersecurity information.
Last week, TSC and its WG11 group announced the public comment version of its Commentary on Application of Attorney-Client Privilege and Work-Product Protection to Documents and Communications Generated in the Cybersecurity Context (Commentary), which may be the longest title for a TSC publication ever.
The goal of the Commentary is to address the absence of “settled law” on this topic by assessing (1) how the courts have and can be expected to decide, and what organizational practices will be important to a court’s decision regarding, whether the attorney-client privilege or work-product protection apply to documents and communications generated in the cybersecurity context; and (2) how the development of the law in this area should be informed not just by established attorney-client privilege and work-product protection legal principles, but also by the policy rationales underlying the attorney-client privilege and work-product protection generally and those unique to the cybersecurity context.
There are essentially five parts in the 65-page (PDF) Commentary. Part A of the elaborates on the Commentary’s purpose and sets forth its target audience. Part B sets forth the legal principles generally applicable to claims of attorney-client privilege and work-product protection. Part C uses the general principles set forth in Part B and other relevant legal sources to evaluate how the courts have and can be expected to decide, and what organizational practices will be important to a court’s decision regarding whether the attorney-client privilege or work-product protection applies to various types of documents and communications that an organization generates in the cybersecurity context. Part D examines whether and to what extent the results suggested in Part C are consistent with the policy rationales underlying the attorney-client privilege and work-product protection generally and those unique to the cybersecurity context. Section 2 of Part D considers various proposals for adapting existing attorney-client privilege and work-product protection law, or developing entirely new protections, in the Cybersecurity Information (CI) context, and the tradeoffs those proposals present. Part E is a one-paragraph conclusion to the Commentary. There are no Appendices.
You can download a copy of the Commentary here (login required, which is free). The Commentary is open for public comment through June 25, 2019. Questions and comments on the Commentary are welcome through June 25, and may be sent to email@example.com. The drafting team will carefully consider all comments received, and determine what edits are appropriate for the final version. Also, a webinar on the Commentary will be scheduled in the coming weeks, and will be announced by email and on The Sedona Conference website to give you the opportunity to ask questions and gain additional insight on this important topic.
So, what do you think? How does your organization address attorney-client privilege and work-product protection of its cybersecurity information? As always, please share any comments you might have or if you’d like to know more about a particular topic.
Sponsor: This blog is sponsored by CloudNine, which is a data and legal discovery technology company with proven expertise in simplifying and automating the discovery of data for audits, investigations, and litigation. Used by legal and business customers worldwide including more than 50 of the top 250 Am Law firms and many of the world’s leading corporations, CloudNine’s eDiscovery automation software and services help customers gain insight and intelligence on electronic data.
Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.