From www.tglaw.com.au: The Federal Court of Australia ruled that Medibank must disclose certain technical reports related to its 2022 data breach, impacting its claims of legal professional privilege.

The court found that while some reports prepared for legal advice were protected, others, including root cause analyses, were not privileged due to their dominant purposes not being related to obtaining legal advice.

This decision highlights the need for organisations to understand the limits of legal privilege in the context of cybersecurity incident responses.