This article appeared in the Spring 2010 issue of The Secure Times
, the newsletter of the American Bar Association Section of Antitrust Law's Privacy and Information Security Committee. The article discussed the application of attorney-client privilege and self-evaluative privilege, and suggested best practices to increase the chances that an audit report will be protected from disclosure. While a rigorous data security and privacy audit can identify and help a company to remedy vulnerabilities in its systems and policies, a written audit report can pose its own dangers if obtained by civil litigants or regulators seeking to build a case against the company.
ABA members click here to read the newsletter