Court Rules Target Data Breach Internal Investigation Documents Largely Protected by Attorney-Client Privilege/Work Product Doctrine

The Minnesota magistrate judge presiding over discovery in the litigation seeking to hold Target Corp. liable for the retailer's 2013 data breach issued an order denying the motion by a plaintiff class of about 9,000 banks to compel production of certain documents relating to Target's internal investigation that were withheld on privilege grounds.

The banks argued that Target could not avoid disclosure of the details of its investigation conducted by a "Data Breach Task Force" (DBTF) under the attorney-client privilege or work product doctrine, because the investigation of the breach and the planning process for remediation constitute regular business functions. The banks claimed that Target's use of outside counsel to direct the DBTF did not transform factual communications into requests for legal advice. Rather, the plaintiffs argued that those communications were "regular" business discussions Target would have conducted "regardless of any litigation, to appease its customers and ensure continued sales, discover its vulnerabilities, and protect itself against future breaches."

Additionally, the banks argued that even if the work product doctrine did apply, production was appropriate because they made "a showing of 'substantial need and an inability to secure the substantial equivalent of the items through alternate means without undue hardship.'" (citing Pittman v. Frazer, 129 F.3d 983, 988 (8th Cir. 1997)). The banks explained that they had attempted to obtain the allegedly privileged information through depositions, but Target's counsel objected on privilege grounds.

In response, Target argued that the banks' complaint acknowledged the extraordinary nature of the breach, and, therefore, the banks' claims that the DBTF was conducting "regular" business functions or "ordinary work" were untrue.

Target further argued that in accordance with applicable Eighth Circuit law (citing Simon v. G.D. Searle & Co., 816 F.2d 397, 404 (8th Cir. 1987)) and In re Kellogg Brown & Root, Inc., 756 F.3d 754 (D.C. Cir. 2014), communications are privileged even if they serve a business purpose, so long as one of the "significant purposes of the internal investigation" was to obtain or provide legal advice, or so long as mixed business and legal communications "'impliedly' request legal advice regarding business decisions." Applying these principles, Target argued that the communications were privileged because the DBTF "facilitated Counsel's investigation...

To continue reading

Request your trial

VLEX uses login cookies to provide you with a better browsing experience. If you click on 'Accept' or continue browsing this site we consider that you accept our cookie policy. ACCEPT