The question of privilege in respect of documents prepared during corporate responses to crises, particularly in the context of investigations following cyber incidents, has emerged as a key issue in Australia. Recent judicial decisions have reinforced the principle that privilege is not a blanket protection and must be carefully substantiated, particularly where documents are created for more than one purpose.
This principle was highlighted in two recent class actions: Robertson v. Singtel Optus Pty Ltd [2023] FCA 1392 and McClure v. Medibank Private Limited [2025] FCA 167. In both cases, the Applicants contested the Respondents' claims of privilege over forensic investigation reports that had been prepared by Deloitte during an investigation into a data breach. In both cases, the Federal Court found that the investigation reports had been commissioned for multiple purposes — both legal and nonlegal — and, therefore, the reports had not been created for the dominant purpose of legal advice or for use in litigation. As a result, the reports were not privileged and had to be disclosed.1
These recent decisions authorities make it clear that Australian courts will closely examine privilege claims over documents prepared as a result of an investigation. Common scenarios include employment and allegations of corrupt conduct. Once the investigation has more than a single purpose, there is a risk that a court may find that the legal purpose did not predominate, which means no privilege.