The attorney-client privilege protects not just individuals, but any collective entity (e.g., corporations) that need to seek out legal advice or representation. While the doctor-patient and priest-pentitent privilege are personal in nature due to the nature of the information disclosed, the self-audit privilege applies principally to corporations or other collective entities. The goal of the privilege is to encourage a discussion that would not exist but for the privilege because the discussion itself is a positive good, irresepective of the harm resulting from the privilege. Thus, we want to encourage people to seek legal advice, medical advice and spiritual advice, and to engage in investigations that will uncover wrongdoing. The underlying information (e.g., the security vulnerability or incident) that is reported is not privileged. The voluntary disclosure of this information in one forum should not be used against the reporter in another forum.

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/columns/61/10920#10920