Author: Stephan Chenette / Source: AttackIQ
For many of us that attend DFIR meetups and actively track breaches and all that relates including the inevitable class action lawsuits that follow, an important decision was announced last week on the Experian data breach case with regards to data security law:
Breach investigation reports created by forensic firms investigating data breaches can be protected by client-attorney privileges given the right circumstances.
Here are a few key takeaways from the below analysis from legal firm Shook, Hardy & Bacon:
- The forensic firm should be hired by outside counsel, not by the incident response team or the information security department.
- Hire outside counsel early—the work a forensic firm undertakes before outside counsel is involved will not be protected, so the breached entity should engage counsel immediately.
- Create a…
Click here to read more