- within Consumer Protection, Food, Drugs, Healthcare, Life Sciences and Intellectual Property topic(s)
- with Senior Company Executives, HR and Finance and Tax Executives
- with readers working within the Accounting & Consultancy, Banking & Credit and Insurance industries
A financial institution's cyber risk management activities may result in sensitive communications and documents that the institution's personnel expect will remain confidential. Nevertheless, in many circumstances a financial institution may be legally obligated to disclose those communications and documents unless the institution is able to assert a legal right – called "legal privilege" – to not make the disclosure.
There are two kinds of legal privilege under Canadian law that might be applicable – "legal advice" privilege and "litigation" privilege – each of which is different in purpose, scope and duration. The applicability of each kind of legal privilege to a communication or document will depend on the particular circumstances. Legal privilege presents a number of challenges with respect to communications and documents created as a result of cyber risk management activities. A legal privilege strategy is designed to enable an organization to establish legal privilege where appropriate.
For more information about legal privilege and cyber risk management, and practical recommendations for a legal privilege strategy for cyber risk management activities, see our recent bulletin here.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.