It has not happened often, but now another court has held that a breached entity cannot protect an investigation into a breach by declaring it legally privileged. Naomi Neilson reports:
The Australian Federal Court has ruled that Optus will not be able to keep a report it commissioned from professional services firm Deloitte regarding its 2022 cyber attack out of the hands of lawyers representing a class action against the telco.
Optus had claimed that the report and its contents were protected under legal professional privilege and that it was primarily commissioned to provide legal advice. However, Federal Court judge Justice Jonathan Beach ruled against this claim in November, saying there were “problematic aspects” to the company’s claim.
Justice Beach determined that since the report had been mentioned in an Optus press release, and then Optus CEO had said the report would “help inform the response to the incident”, its “dominant purpose was not a legally privileged purpose”.
Read more at Lawyers Weekly.