Ask any litigation paralegal or junior associate what they dread most about document review, and the answer is almost always the same: the privilege log. It is tedious, time-consuming, and unforgiving. Every entry must accurately describe the document, the participants, the date, and the basis for privilege — without revealing the very content the privilege is meant to protect. One misstep can trigger a motion to compel, a clawback dispute, or worse.
The stakes are higher than most practitioners realize. Courts have repeatedly ordered disclosure of documents where the privilege log was deemed insufficient. In Burlington Northern & Santa Fe Railway Co. v. U.S. District Court, the court found that boilerplate log entries failed to establish a prima facie case for privilege. When a log entry says nothing more than "attorney-client communication," opposing counsel will challenge it — and judges will often side with them.
Beyond insufficiency, there is the ever-present risk of inadvertent production. When tens of thousands of documents flow through a review pipeline, privileged material can slip through the cracks. And while Federal Rule of Evidence 502(b) provides some protection for inadvertent disclosures, the burden falls on the producing party to demonstrate that reasonable steps were taken to prevent the disclosure. A poorly constructed privilege log is evidence that reasonable steps were not taken.
The manual process compounds these risks. Reviewers must open each document, assess privilege, draft a log entry, and ensure consistency across thousands of entries. When different reviewers use different language for the same privilege basis, or when family relationships between emails and attachments are not properly tracked, the resulting log is a patchwork of inconsistencies that opposing counsel will exploit.
Before a single document is reviewed, the legal team must establish clear privilege categories and definitions. The three most common bases are attorney-client privilege, work product doctrine, and joint defense privilege. Each has distinct elements that must be satisfied, and reviewers need to understand the difference between them before they begin tagging documents.
Attorney-client privilege requires a communication between a client and an attorney (or their agent) made for the purpose of seeking or providing legal advice and intended to be confidential. In the corporate context, this means understanding who qualifies as the "client." Under the Upjohn standard, communications between corporate employees and company counsel can be privileged, but only if the communication was made at the direction of corporate superiors for the purpose of securing legal advice. Reviewers must be trained to distinguish between employees seeking legal advice and employees simply copying an attorney on a business communication.
Work product doctrine protects materials prepared in anticipation of litigation. The key question is whether the document was prepared "because of" litigation or the prospect of litigation. Ordinary work product (factual material) receives qualified protection and can be overcome by a showing of substantial need, while opinion work product (mental impressions, conclusions, legal theories) receives near-absolute protection. Your review protocol should distinguish between these two categories because the strength of the claim differs significantly.
Joint defense privilege, sometimes called the common interest doctrine, extends privilege to communications between parties who share a common legal interest. This is particularly relevant in multi-party litigation, government investigations, and cases involving co-defendants. Document your joint defense agreements and ensure reviewers know which parties are covered. The categories should be formally documented in a written review protocol that every reviewer receives before beginning their work.
Effective privilege identification starts with comprehensive keyword and entity lists. Begin with the obvious: names of all attorneys involved in the matter, both internal and external counsel. Include full names, nicknames, email addresses, and the domains of outside law firms. In large corporate matters, there may be dozens of attorneys across multiple firms whose communications could be privileged.
Beyond attorney names, build lists of privilege indicators in the text of documents. Phrases like "privileged and confidential," "attorney-client communication," "work product," "prepared at the direction of counsel," and "litigation hold" are strong signals. But do not rely solely on these markers. Many legitimately privileged communications contain no such labels, while some non-privileged documents may include boilerplate confidentiality footers that falsely suggest privilege.
Pay special attention to distribution lists and third-party recipients. A communication between an attorney and client loses its privilege if it is shared with a third party outside the privilege relationship (unless a common interest or joint defense agreement applies). Reviewers must examine the To, CC, and BCC fields carefully. If an email was sent to an attorney but also copied to a business consultant, the privilege may be waived. Build a list of known third parties and flag documents where they appear as recipients.
Your entity lists should also account for organizational complexity. In corporate groups with subsidiaries, affiliates, and joint ventures, the question of who is the "client" becomes nuanced. Communications with a subsidiary's in-house counsel may or may not be privileged depending on the corporate relationship and the nature of the legal advice. Document the organizational structure and provide clear guidance to reviewers about which entities fall within the privilege umbrella.
The format of your privilege log matters more than most practitioners appreciate. Courts have different expectations depending on the jurisdiction, the volume of documents, and the nature of the case. Choosing the wrong format can result in a court ordering you to redo the entire log — at significant cost and with potential sanctions exposure.
The traditional (individual) log lists each document separately with its date, author, recipients, subject, and privilege basis. This is the gold standard in terms of specificity, but it becomes impractical at scale. When you have 10,000 privileged documents, creating individual entries is extraordinarily time-consuming and expensive. Still, many jurisdictions default to this format, and some judges insist on it.
The categorical log, endorsed by courts in cases like In re Delphi Corp., groups documents by category rather than listing them individually. For example, all emails between a specific attorney and a specific client regarding a particular legal matter can be grouped into a single entry. This dramatically reduces the burden on the producing party, but it requires careful crafting to ensure each category is sufficiently specific. Vague categories will be challenged and potentially rejected.
A metadata-based log provides objective metadata fields (date, author, recipients, document type) without narrative descriptions. Some courts accept this approach, particularly for large-volume productions. A hybrid approach combines elements of all three: categorical grouping for bulk documents, individual entries for key documents, and metadata supplementation throughout. The best approach depends on your jurisdiction, the volume of privileged documents, and any applicable local rules or standing orders. Research the presiding judge's preferences before committing to a format.
A single-pass privilege review is a recipe for errors. The better approach is a two-pass workflow where the first pass identifies potential privilege and the second pass validates those calls. In the first pass, reviewers tag documents as "potentially privileged" based on the keyword lists, entity lists, and their assessment of the communication. This pass prioritizes recall — it is better to over-tag than to miss a privileged document that ends up in production.
The second pass involves senior review by experienced attorneys who evaluate each privilege call. They verify that the elements of privilege are met, draft or refine the log entry, and make the final determination. Senior reviewers should focus on the documents that are most likely to be challenged: communications where third parties are copied, documents where the privilege basis is ambiguous, and any document where the first-pass reviewer expressed uncertainty.
One frequently overlooked issue is the treatment of attachments to privileged emails. An attachment to a privileged email is not automatically privileged. Each attachment must be independently assessed. A spreadsheet attached to a privileged email may be a pre-existing business document that was simply shared with counsel — in which case the attachment itself is not privileged even though the covering email is. Conversely, an attachment may contain attorney mental impressions or legal analysis that qualifies as work product independently of the email.
The two-pass workflow should also include a mechanism for escalation. When a reviewer encounters a document that raises complex privilege issues — such as documents involving former employees, communications with government regulators, or materials from a prior litigation — there should be a clear path to escalate the decision to a senior attorney or the supervising partner. Document these escalation decisions, as they demonstrate the reasonable steps required under Rule 502(b).
Before any production goes out the door, the privilege log must undergo rigorous quality control. Start by verifying that every document designated as privileged appears on the log. It sounds obvious, but gaps between the privilege designations in the review platform and the entries on the log are one of the most common deficiencies courts identify. Cross-reference the document IDs in your review platform against the log entries to ensure complete coverage.
Cross-reference Bates ranges to confirm that no privileged document was inadvertently included in the production set. Run a comparison between the Bates ranges on the privilege log and the Bates ranges in the production. Any overlap indicates a serious problem: either a privileged document was produced, or the Bates numbering is incorrect. Either way, it must be resolved before the production is delivered.
If your production includes redacted documents, verify that the redactions are properly applied and the redacted versions are flattened. A redaction that can be removed by copying text from a PDF is not a redaction at all — it is a disclosure. Use tools that burn redactions into the document image so that the underlying text cannot be recovered. Test a sample of redacted documents by attempting to select and copy text from the redacted areas.
Finally, confirm whether a Federal Rule of Evidence 502(d) order is in place. A 502(d) order provides that inadvertent disclosure of privileged material does not constitute a waiver, regardless of whether the producing party took reasonable steps. If no such order exists, consider requesting one before production. It is the single most effective safeguard against privilege waiver through inadvertent production, and courts routinely grant these requests. Document all QC steps taken, as this record will be critical if any privilege designation is later challenged.
DecoverAI's platform addresses the privilege logging challenge with AI-powered privilege classifiers that identify potentially privileged documents during the review process. The system analyzes communication patterns, participant roles, and document content to flag documents that are likely subject to attorney-client privilege, work product protection, or joint defense agreements. This automated first pass dramatically reduces the time reviewers spend manually searching for privileged material.
Once documents are tagged as privileged, DecoverAI auto-generates privilege log entries that include all required metadata fields: date, author, recipients, document type, and privilege basis. The system uses natural language processing to draft concise, non-revealing descriptions of document content — the most time-consuming part of manual privilege logging. Reviewers can edit and refine these entries, but the heavy lifting is done automatically.
The platform supports all major log formats, including traditional individual logs, categorical logs, metadata-based logs, and hybrid approaches. Users can switch between formats or generate multiple versions of the same log depending on jurisdictional requirements. Built-in QC checks verify that every privileged document has a corresponding log entry, that Bates ranges are consistent, and that no privileged document appears in the production set.
The results speak for themselves. In the Tax Credit Investigation case study, DecoverAI processed 30,000 documents in just 3 days, including full privilege log generation, Bates stamping, and redactions. The client achieved a 98% cost reduction compared to traditional methods. What would have taken a team of reviewers weeks to accomplish was completed in a fraction of the time, with greater consistency and accuracy than manual review could achieve.