Photo of Tim J. St. George

Tim J. St. George

Subscribe to Tim J. St. George's Posts

Tim defends institutions nationwide facing class actions and individual lawsuits. He has particular experience litigating consumer class actions, including industry-leading expertise in cases arising under the Fair Credit Reporting Act and its state law counterparts, as well as litigation arising from data breaches.

Follow:Read more about Tim J. St. GeorgeTim J.'s Linkedin Profile
Data-Breach_1200x600_GettyImages-1895498673

This article was originally published on The Legal Intelligencer and is republished here with permission as it originally appeared on March 12, 2026.

In this third and final article in a three-part series on the FirstEnergy decision, we turn to what happens when litigation arrives and privilege is challenged.

Over the past several years, district courts have been skeptical of privilege claims over forensic investigation materials in the cybersecurity context. FirstEnergy provides a framework for defending those materials. Every cyber investigation serves two purposes. From a legal perspective, the investigation informs litigation exposure and defense strategy. But the same investigation also identifies compromised systems, drives remediation and supports business operations. After FirstEnergy, those dual purposes do not defeat privilege, provided the investigation was initiated because of legal risk and directed by counsel. This article also examines how the lessons of FirstEnergy apply in cases involving multiple defendants that may have both a desire and need—for both business and legal purposes—to work together to understand an incident and share information.

Privacy_1200x600_GettyImages-2154887234

This article takes the next step and focuses on what businesses can do before an incident to structure their vendor relationships and IR plans in alignment with these key legal lessons. We focus on four core IR vendor types: digital forensics vendors, restoration vendors, public relations (PR)/communications firms, and data mining/data review vendors.

Cybersecurity_1132275581

Reprinted with permission from the February 9, 2026 edition of The Legal Intelligencer. © 2026 ALM Global Properties, LLC. All rights reserved. Further duplication without permission is prohibited. For permission to reprint or license this article, please contact 877-256-2472 or asset-and-logo-licensing@alm.com.

Investigations led by counsel, triggered by legal risk, and designed to elicit legal advice remain protected, even if their findings later inform business decisions. For cyber incidents, FirstEnergy outlines how to structure IR investigations to maximize privilege and work product protection while supporting an effective technical and business response.

Privacy_1200x600_GettyImages-2219338309

Key point: Courts are concluding that not all data breaches should result in a lawsuit. Businesses need to consider causation and damages when responding to an incident and take steps to determine if there is no evidence of harm or traceability including on a class wide basis.