Rutter's Data Security Breach

Last week, the U.S. District Court for the Middle District of Pennsylvania ordered Rutter’s, a convenience-store chain to produce a forensic report and all related communications in a discovery dispute regarding a potential data breach. In its ruling, the Court held that the report and communications were not protected from disclosure by the work product doctrine or the attorney-client privilege based on its determination that “the primary motivating purpose behind the report was not to prepare for the prospect of litigation but to determine whether unauthorized activity within the Rutter’s systems environment resulted in the compromise of sensitive data, and to determine the scope of such a compromise if it occurred.”

As companies struggle to understand cybersecurity threats and potential consequences involved in data breach litigation, this ruling emphasizes the need to retain external legal counsel early - not only to clearly define the scope and purpose of any data breach investigation but also, to avoid unnecessary regulatory exposure. At NFP, our dedicated claims advocacy practice understands the cybersecurity risks facing your organization as well as the risks inherent in data breach litigation. Reach out to your local NFP broker to find out more.

download article