Companies frequently use the internal audit and review process to verify compliance with applicable laws, regulations and internal policies. Periodic internal review and analysis can be an effective way for an organization to detect areas where it may not be fully compliant and, if necessary, take corrective actions. Companies should be mindful, though, that results of internal audits and reviews are potentially discoverable by regulatory authorities and in court proceedings. Protecting the results of internal audits from disclosure is a serious concern and it is therefore critical for counsel to consider the extent of applicable privileges and protections.
Generally, opposing litigants cannot discover privileged information in a court proceeding and neither can anyone other than the holder of the privilege divulge it. Failure to protect privileged information from disclosure, however, may result in the waiver of any applicable privilege.
In Reichhold Chemicals Inc. v. Textron Inc., the self-evaluative analysis privilege was described as protecting an organization from the “Hobson’s choice” of risking the creation of a self-incriminating record by investigating potential regulatory violations. At issue was a report prepared after the fact for the purpose of a candid self-evaluation and analysis of the cause and effect of past pollution. The court reasoned that the public’s interest in encouraging these types of reviews, which also include securities law audits and environmental audits among others, outweighed the plaintiff’s right to discovery. However, there is significant disagreement between the courts with respect to the scope and application of the self-evaluative privilege. Many courts do not recognize it.
The insurance industry is leading the way in lobbying state legislatures to codify the self-evaluative privilege. To date, nine states have enacted laws similar to the Insurance Compliance Self-Evaluative Privilege Model Act adopted by the National Conference of Insurance Legislators in 1998. Under the Model Act, an “insurance compliance self-evaluative audit document is privileged information and is not discoverable or admissible as evidence in any legal action”. In a civil matter, after an in camera review, a court may require disclosure of insurance compliance self-evaluative audit documents, if the court determines that the privilege is asserted for a fraudulent purpose or that the material is not subject to the privilege.