This is an interesting point of law being raised in Canada. Is your internal investigation report on a breach covered by attorney-client privilege?…:
LifeLabs is taking the Information and Privacy Commissioner for British Columbia to court, claiming the commissioner cannot compel the firm to hand over a third-party report into an October 2019 cyberattack due to solicitor-client privilege.
The medical testing company filed a petition in B.C. Supreme Court on Feb. 20. LifeLabs claims the commissioner is investigating the hack and sought a report by cybersecurity firm CrowdStrike Services Inc. that had been commissioned by LifeLabs’ counsel.
“Its purpose is to enable counsel to provide informed legal advice to LifeLabs, including in respect of civil litigation and the very investigation the Commissioner is now undertaking,” the petition states. “Because the CrowdStrike Report is privileged, the Commissioner cannot compel its production.”