While there are no guarantees as to which communications will ultimately be protected by privilege, a company can increase its odds of creating a sphere of privilege-protected communications in the aftermath of a data breach by giving consideration to such issues in structuring its internal investigations.

Below we highlight lessons learned from the decision of the United States District Court for the District of Minnesota following the much publicized December 2013 data breach involving Target Corporation (Target).



​ ​