Category Archives: Attorney-Client Privilege and Work Product Doctrine

No Good Deed: Privilege is at Risk When the Government Directs Your Company’s Internal Investigation

by Jeffrey P. Schomig

Photo courtesy of Wilmer Cutler Pickering Hale and Dorr LLP.

It is a familiar scene in corporate governance:  A company learns of potential malfeasance within its ranks.  Its board forms a special committee and hires outside counsel to conduct an internal review.  Outside counsel interviews key employees and prepares a detailed account of events which it presents to the board. The board then decides whether to part ways with any employees who breached company policy or broke the law. 

A key additional decision facing the company is whether to cooperate with government authorities, some of whom may already be investigating the incident.  For many (if not most) companies, this is a decision in theory only.  Failure to cooperate can result in reputational harm among the public and stockholders, massive fines or even indictment of the company – an event that many company counsel and their boards fear could be a mortal blow.[1] 

Continue reading

Sixth Circuit Reaffirms Privilege and Work-Product Protections in Internal Investigations

by David B. Anders, Randall W. Jackson, and Michael W. Holt

PHOTOS OF AUTHORS

Left to right: David B. Anders, Randall W. Jackson, and Michael W. Holt (photos courtesy of Wachtell, Lipton, Rosen & Katz)

Conducting an internal investigation in a disciplined and organized way is essential to protecting privilege.  A recent decision of the U.S. Court of Appeals for the Sixth Circuit, In re FirstEnergy Corporation, No. 24-3654 (Oct. 3, 2025), underscores that courts will uphold attorney-client privilege and work-product protections where counsel directs the investigation and its legal purpose is clear—even when the resulting work also informs a company’s business decisions.  Continue reading

2024 Year in Review: Data Breach Litigation

by Kirk Nahra, Molly Jennings, Ali Jessani, and Rachel Greene

Photos of the authors

Left to Right: Kirk Nahra, Molly Jennings, Ali Jessani and Rachel Greene. (Photos courtesy of WilmerHale)

One of the main risks for a company in the event of a data breach is the threat of litigation. Data breach litigation continued to proliferate in 2024, as it has in prior years.

In the past year, plaintiffs continued to seek relief following data breaches under state common-law doctrines, and the Alabama Supreme Court joined the other state courts of last resort who have addressed data-breach litigation in published decisions.  Federal data breach plaintiffs contended with standing issues in the wake of the Supreme Court’s decision in TransUnion LLC v. Ramirez, and an apparent circuit split between the Tenth and Eleventh Circuits deepened when the Third Circuit weighed in.  The District of New Jersey also provided further guidance to companies on the scope of the attorney-client privilege when responding to data breaches.  This post examines these trends.  

Continue reading

Consumer Facing Applications: A Quote Book from the Tech Summit on AI

by Staff at the Federal Trade Commission’s Office of Technology

Federal Trade Commission

The FTC’s Tech Summit on AI[1] convened three panels that highlighted different layers of the AI tech stack: hardware and infrastructure, data and models, and consumer-facing applications. This third Quote Book is focused on consumer-facing applications. This post outlines the purpose of the quote book, a summary of the panel, and relevant topics and actions raised by the FTC.

Continue reading

SEC v. Covington: Federal Court Orders Law Firm to Disclose Names of Clients Affected by Firm’s Cyberattack

by Michael Borgia and Tyler Bourke

Photos of the authors

Left to right: Michael Borgia and Tyler Bourke (photos courtesy of Davis Wright Tremaine LLP)

The court’s decision may embolden the SEC and other regulators to subpoena law firms, response vendors, and software providers in cybersecurity investigations  

The U.S. District Court for the District of Columbia recently issued its highly anticipated ruling in the subpoena fight between the U.S. Securities and Exchange Commission (“SEC” or “Commission”) and the law firm Covington & Burling LLP (“Covington”).  On July 24, 2023, the court in SEC v. Covington[1] ordered the firm to comply in part with an SEC administrative subpoena that had been served on the firm in March of 2022 by providing the names of seven firm clients, the material nonpublic information of which had been compromised in a cyberattack on Covington’s information technology systems in November 2020. 

Continue reading

Foxes or Hedgehogs: Evolving Taint Team Jurisprudence

by Luke Cass, Michael Clark, and Matthew Hickman

Photos of the authors

Left to right: Luke Cass, Michael Clark, and Matthew Hickman (photos courtesy of Womble Bond Dickinson (US) LLP)

Corporate criminal enforcement is a top priority for the Department of Justice.[1] As the number of corporate search warrants rise, so does the government’s use of taint, or filter, teams.  A wave of recent caselaw addressing the procedure, role, and handling of taint teams along with potentially privileged material has varied among the circuits, leaving in its wake dramatically unsettled law.

This article discusses what taint teams are, recent circuit splits about them, and how the Supreme Court, the DOJ, and the ABA can, and should, address issues that impact one of the oldest privileges in western jurisprudence.

Continue reading