As a central part of our “24/7” privacy & data breach counsel service we provide a foundation of “24/7” privilege protection for all clients (often called a “privilege shield” in legal parlance).   Our privilege protection goes above and beyond that typical in the traditional “billable hours” legal model in two ways:

1. by adopting the flat-fee model and generally eliminating hourly charges, the client is incentivized to factor legal into their infosec planning and communications continually, and
2. we protect confidentiality vigorously and make communications effortless by providing a convenient yet well-secured electronic portal.

The communications can also include other security vendors (such as forensics or breach notification) when they are coordinated through counsel.  As a result, privilege putatively applies to more communications bearing on the relevant privacy and data breach legal risks, and is also better protected–from being undermined by data breaches, lack of planning, or simple carelessness.*

Our clients comfortably share their organizational and system updates, questions, and concerns with us as they arise–getting the benefit of effortless, running consults without worrying that their words might be used against them later.  Moreover, if and when you have a breach, we will already be in a position to “quarterback” the response effort, without the need to re-convey sensitive information or for us to get familiar with each other.

What Is the Attorney-Client Privilege?

Confidential communications between a client seeking legal advice and their attorney are protected by a “privilege.”  That means, when the privilege applies, neither the client nor the lawyer can be forced to disclose those communications.  The exceptions to this rule are extremely limited, and for a good reason: the privilege is intended to encourage people to be forthcoming with counsel so they can get the best advice before there’s a problem.  Our clients are comfortable using our secure online communications portal (or simply picking up the phone) to ask our advice in any relevant context–from employment decisions to privacy policies to whether to segregate customer data to litigation–and they know they will be getting attorney guidance which will be putatively covered by privilege.

What Does the “24/7” Privilege Shield Do?

As privacy and data breach legal requirements get both more exacting and technical, “the details” become more important to a legal-risks evaluation of an organizational information security plan.  Our system is aimed at ensuring that clients can safely and without hesitation communicate their questions and concerns with us, including sensitive organizational planning or security information, that can help us to provide more comprehensive answers.

Through our secure cloud-based communications portal, clients can communicate details about their current policies and IT systems (as well as proposed changes) and obtain our counsel as needed.  Staying in frequent contact also helps us remain more up-to-date with the client organization, so we can more fully and proactively advise (and better respond to security incidents when they happen).

Traditional counsel typically cannot not stay this “integrated” with clients while still providing an economical service; and non-attorney consultants (such as “data breach coaches”) simply cannot provide a legal privilege protection for communications at all.

A Scenario

To illustrate, imagine your company subscribes to our service and is discussing a potential network architecture update (due, e.g., to the identification of security vulnerabilities, or simply a  business reorganization).  One of the first questions you have is “what are the legal considerations that should influence the system design or security policies?”  Another is “what are the legal implications of choosing one architecture over another?”  With our service, there is no agonizing internal debate over whether it’s worth involving outside counsel, as there’s no additional hourly charge for impromptu advice.  You simply log into our secure communications portal, tell us what’s being considered, and ask for advice on the legal implications.  You may identify other company officials who should be in on the discussion, who can be included.  The conversation proceeds in the familiar back-and-forth manner of an email or message board thread–but all in a secure, segregated, cloud-based system (participants are notified of updates by email, but must log-in to view the actual messages).   Naturally, we can discuss on the phone as well.  You get a quick answer from us, as you’ve kept us apprised of all recent-past changes via the same means.  This time, our answer integrates a recent change in the legal landscape you may not have realized was relevant, and may indeed effect your choice of technical solution.

In sum, we’ve seen the following advantages:

• The putatively-privileged discussion of the legal risks and strategy has been segregated from typical, discoverable technical deliberations (i.e. internal company emails, draft proposals, etc.)
• The discussion has been protected by a secure portal, both from snooping/breaches and careless disclosure to a third party that could constitute waiver (loss) of the privilege.
• The communications would not be privileged if you were working with a non-attorney.
• Now, unless you voluntarily inform them, potential opponents and competitors can’t access your deliberations about the legal risks of your system architecture and policies in court (assuming, as would be likely in most cases, that the communications would be deemed privileged by the court).
• If you’ve subscribed to our flate-fee service, you haven’t paid anything extra for the advice.
• We were able to quickly respond because we’ve been in touch with you continuously since your initial evaluation.
• We’ve remained up to date because it was easy, painless, and clearly advantageous to include us in the latest deliberations about your systems.

The Bottom Line: Our Value

Our clients understand that it’s important for us to have all the information we need to advise them effectively, whether there is a specific, immediate legal question in mind or not.  We will guide you through privacy incidents, including data breaches, and provide counsel regarding litigation that results.  But our goal is to help you prevent such incidents from happening in the first place.  Providing for frequent, worry-free, confidential communication beforehand puts us in the best position to do that.

*Note that no one can guarantee that attorney-client privilege will apply to any particular communication; however, the privilege is overwhelmingly likely to be respected by a court when it is between bona fide client and counsel and on a matter genuinely within the purview of legal counsel (including subject matter substantially related to legal matters covered under the representation).