Communications between lawyers and outside consultants, such as cybersecurity incident response teams and e-discovery vendors, are largely protected by the attorney work product doctrine, but may also be protected by the attorney-client privilege and court rules preventing the disclosure of communications with non-testifying consultants. Despite the fact a lawyer’s communications with consultants, experts, and vendors are third-party communications, they are generally confidential or privileged, but to preserve the confidentiality of these communications, there are a few things to keep in mind.
The work product doctrine generally prohibits the disclosure of a lawyer’s work performed in anticipation of litigation. Attorney work product protection is often set out in court rules such as Federal Rule of Civil Procedure 26(b)(3)(A) and state counterparts like California Code of Civil Procedure 2018.030 and Indiana Rule of Trial Procedure 26(b)(3). Federal Rule of Civil Procedure 26(b)(3)(A) provides that “[o]rdinarily, a party may not discover documents and tangible things that are prepared in anticipation of litigation or for trial by or for another party or its representative (including the other party’s attorney, consultant, surety, indemnitor, insurer, or agent).”
The genesis of work product protection is found in case law including Hickman v. Taylor, 329 U.S. 495 (1947), a United States Supreme Court case in which the justices noted that disclosure of an attorney’s work “contravenes the public policy underlying the orderly prosecution and defense of legal claims. Not even the most liberal of discovery theories can justify unwarranted inquiries into the files and the mental impressions of an attorney.” Acknowledging that attorneys rely on the help of investigators, consultants, and other third parties, in United States v. Nobles, 422 U.S. 225 (1975) the Court made clear that the work product doctrine also limits disclosure of the work of those assisting attorneys in litigation. “[The reality] is that attorneys often must rely on the assistance of investigators and other agents in the compilation of materials in preparation for trial. It is, therefore, necessary that the doctrine protect material prepared by agents for the attorney as well as those prepared by the attorney himself.”
In addition to work product protection, in certain circumstances, the attorney-client privilege may also shield communications between attorneys and third parties assisting with litigation
For instance, when the third party communicating with the attorney is the “functional equivalent” of an employee to the client, such as an independent contractor, the communications may be privileged. See, e.g. In re Bieter Company, 16 F.3d 929 (8th Cir. 1994).
Additionally, under the Federal Rules of Civil Procedure and many state rules, communications with non-testifying litigation consultants are not subject to discovery. For instance, Illinois Rule of Civil Procedure 201(b)(3) provides that “[t]he identity, opinions, and work product of a consultant [who will not be called at trial] are discoverable only upon a showing of exceptional circumstances under which it is impracticable for the party seeking discovery to obtain facts or opinions on the same subject matter by other means.”
Communications between lawyers and consultants are privileged only if the primary purpose of communications relate to legal services. If a consultant is engaged for both business and legal purposes, the communications may not be privileged.
In a recent case, communications with a vendor hired to assist with a cyber incident response were found not privileged because the company was hired prior to litigation and for what the court concluded was business reasons and not legal purposes.
In the Capital One Consumer Data Security Breach Litigation, the court ordered Capital One to turn over a forensic report compiled by its data security vendor because Capital One’s Cyber Security Operations team hired the vendor before the data breach occurred. The court noted that in federal court, attorney work product protection stems from Federal Rule of Evidence 502 . This protects from disclosure material prepared in anticipation of litigation or trial. “[M]aterial must be prepared because of the prospect of litigation. Materials prepared in the ordinary course of business or pursuant to regulatory requirements or for other non-litigation purposes are not documents prepared in anticipation of litigation.”
The court concluded that because Capital One and the vendor had a long-standing relationship and performed the same services regardless of the data breach litigation, the vendor did not create the report solely “because of” the lawsuit. To determine whether documents are created “because of” litigation courts “weigh factors such as the timing of retention of a non-testifying expert in relation to the litigation at issue . . . .”
Read a more thorough examination of the Capital One opinion.
Regardless of where the protection for communications between attorneys and litigation vendors arises, confidentiality is not absolute and steps should be taken to preserve the privileged nature of the communications. Below are six things to keep in mind to ensure the confidentiality of the communications.