Here are two recent presentations that may be relevant to you – one on finding internet evidence that I presented last Saturday at our firm’s PD day and another from a few days earlier on privacy, data security and CASL compliance at financial services firms. If you work in management and something catches your eye that raises questions do get in touch.
Having good investigative capacity is essential to good data breach response. More often than not, a post-incident investigation involves gathering evidence from witnesses. Digital forensics is also a common part of a breach investigation, but digital forensic evidence typically complements other testimonial and documentary evidence. For this reason I’m sharing a presentation I did with student conduct officers at Canadian colleges and universities last week, in which my aim was to prepare the audience to deal with a more challenging “credibility case.” It is relevant to human resources practitioners engaged in an investigative capacity post-incident and is relevant to lawyers and others who act as “breach coaches.”
On May 15th, Justice Ramsay of the Ontario Superior Court of Justice denied a claim that an investigation report was subject to solicitor-client privilege. He explained the difference between the kind of third party conduit whose role is essential to the solicitor-client relationship and an ordinary fact finder:
If the third party’s retainer extends to a function which is essential to the existence or operation of the client-solicitor relationship, then the privilege should cover any communications which are in furtherance of that function and which meet the criteria for client-solicitor privilege. Examples given in Chrusz are psychiatrists who examine the client and accountants who examine the client’s books (¶116).
On the other hand (¶22), “[i]f the third party is authorized only to gather information from outside sources and pass it on to the solicitor so that the solicitor might advise the client, or if the third party is retained to act on legal instructions from the solicitor (presumably given after the client has instructed the solicitor), the third party’s function is not essential to the maintenance or operation of the client-solicitor relationship and should not be protected.”
Both of the paragraph references above are to the Ontario Court of Appeal decision in Chrusz.
Weinmann Electric Ltd v. Niagara Falls Bridge Commission, 2013 ONSC 2805 (CanLII).
Earlier this week I sat in on a great presentation on interviewing techniques by a former police officer who’s now a corporate security pro. Pretty fascinating subject. After, I gave a short presentation on some of the common flaws we (as management counsel) see in internal investigations.
Here are my slides.