By Christin McMeley and Amy Mushahwar ( June 29, 2017, 12:57 PM EDT) -- The attorney-client privilege and the work product doctrine are both well known among practitioners in the U.S., but these concepts are not always well understood. In the context of investigating a suspected cyber incident or auditing the security of your systems, it is important for not only counsel to understand these concepts, but also the technical and security personnel who are seeking legal advice or acting at the attorney's direction. Failing to establish attorney-client privilege or work product protections can give the opposing party in litigation significant leverage in negotiations or undermine the case entirely. Additionally, it is important for nonattorneys to understand when the privilege or work product doctrine is not or cannot be invoked, to avoid any false sense of security in the confidences of their communications....