On January 12, 2021, Judge Boasberg (D.D.C.) ruled that a forensic report prepared for outside counsel following a cyber incident investigation was not protected under either attorney-client privilege or the work product doctrine. The investigation in question was run by outside counsel and the security firm had been retained by outside counsel. This decision is the latest in a line of cases finding that cybersecurity forensic reports may not receive work product protection, but it goes further than other cases by finding the report was not protected as a matter of law by the attorney-client privilege. The opinion in Wengui v Clark Hill (Case No. 19-3195) may be found here.

About Jon Knight
Jon Knight is a senior associate with Alston & Bird’s Privacy, Cyber & Data Strategy Team in the Washington, D.C. office. He focuses his practice on cybersecurity and privacy compliance and enforcement, as well as emerging technology issues.