A financial institution's cyber risk management activities may result in sensitive communications and documents that the institution's personnel expect will remain confidential. Nevertheless, in many circumstances a financial institution may be legally obligated to disclose those communications and documents unless the institution is able to assert a legal privilege to not make the disclosure. For more information about legal privilege and cyber risk management, and practical recommendations for a legal privilege strategy for cyber risk management activities, see our recent two-part bulletin here and here.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.