What Can Corporations Safely Share With Their Auditors?

Corporations risk waiving their fragile privilege protection by sharing protected communications with even the friendliest outsiders — such as their retained public relations consultants, etc. They must disclose some information to their auditors, but does that waive corporations’ privilege protection?

In People v. National Rifle Ass’n of America, — N.Y.S.3d —, 2023 N.Y. App. Div. LEXIS 7006, at *12 (N.Y. App. Div. Dec. 28, 2023), the court applied the general rule in concluding that “[t]he attorney-client privilege was waived by disclosure to the NRA’s outside auditor.” Because the document at issue was “not prepared in anticipation of litigation . . . [the court] need not reach the parties’ arguments regarding its waiver [of work product protection].” Id. at *13. This issue brings to mind an interesting backstory about work product waiver. Before the Enron collapse, courts uniformly held that disclosing work product to an auditor did not waive that more robust protection — given the auditor’s confidentiality duties. A few courts came to the opposite conclusion after Enron, which created a frightening dilemma for corporations required by their auditors to describe litigation risks. Fortunately, a nearly unbroken string of opinions since then has returned to the general non-waiver conclusion on the work product side.

Corporations should count on waiving their fragile privilege protection when disclosing privileged communications to their auditors, but almost always can count on their stronger work product protection surviving such disclosure.

Published .