On October 23, 2015, the Federal District Court in Minnesota upheld Target’s assertion that documents produced pursuant to an internal investigation of its 2013 security incident fell within the protections of the attorney-client privilege and work-product doctrine.
The plaintiffs, comprised of a class of financial institutions, argued Target had improperly asserted privilege and work product claims for items relating to a group called the Data Breach Task Force, which Target established in response to the data breach. The plaintiffs also contended that Target improperly asserted privilege and work-product claims for communications with and documents prepared by a forensic investigator, who Target had retained to investigate the data breach.
Plaintiffs argued that both the communications and documents were not protected by the attorney-client privilege and the work-product doctrine “because Target would have had to investigate and fix the data breach regardless of any litigation, to appease its customers and ensure continued sales, discover its vulnerabilities, and protect itself against future breaches.”
Read the full Whitepaper: Privilege protects cyber breach investigation