On any document review of meaningful size, the privilege pass is the line item that consumes the largest share of attorney time per document. Responsiveness can be triaged with keywords and TAR; confidentiality designations can be batch-applied; but privilege calls have historically required a licensed attorney looking at each candidate document, drafting a log entry, and signing off on the description. At $4 to $8 per document in contract-review markets and far higher inside an AmLaw firm, a 2,000-document privilege population can run $12,000 to $30,000 on its own — and a 20,000-document population can exceed the entire rest of the discovery budget.
The cost-versus-risk problem is that the obvious way to control privilege costs — reviewing faster and more cheaply — is also the fastest way to lose the privilege entirely. Federal Rule of Evidence 502 was enacted in 2008 specifically because the pre-existing case law had treated any disclosure as fatal: the leading negative authority, In re Sealed Case, 877 F.2d 976, 980 (D.C. Cir. 1989), held that a privilege holder must treat the material like a "precious jewel" and that any slip-up forfeits protection. The Advisory Committee notes to FRE 502 explicitly reject that result and identify the "prohibitive" cost of privilege review in ESI-heavy litigation as the rule's animating concern.
The takeaway for in-house counsel is that the cost-versus-risk tradeoff is not a tradeoff at all: it is a procedural problem with a procedural solution. Rule 502 gives litigants two distinct safeguards — subsection (b) for inadvertent disclosure and subsection (d) for court-ordered non-waiver — and the relative cost of obtaining the stronger of the two is roughly the price of a single motion. The rest of this article walks through the authorities, identifies what "reasonable steps" actually means after Mt. Hawley v. Felman, and shows how a properly drafted 502(d) order plus a categorical privilege log under SEC v. Thrasher can compress a six-figure privilege workflow into a five-figure one without ceding any defensibility.
Federal Rule of Evidence 502(d) is the most powerful and least-used cost-control mechanism in modern discovery practice. The rule is one sentence long: "A federal court may order that the privilege or protection is not waived by disclosure connected with the litigation pending before the court — in which event the disclosure is also not a waiver in any other federal or state proceeding." Crucially, a 502(d) order eliminates the waiver inquiry entirely. Unlike 502(b), which requires a producing party to demonstrate that it took "reasonable steps to prevent disclosure," a court order under 502(d) provides that an inadvertent production is not a waiver regardless of whether reasonable steps were taken.
Former Magistrate Judge Andrew J. Peck of the Southern District of New York — the judge who wrote Da Silva Moore and Rio Tinto — has been the leading judicial advocate for 502(d) orders, repeatedly stating from the bench and in published commentary that for any lawyer producing more than a handful of documents it is "akin to malpractice" not to seek one. The reason is straightforward: a 502(d) order costs a single motion, often a single paragraph in an existing ESI stipulation, and it converts the privilege review from a high-stakes liability hunt into a cost-benefit optimization. With the order in place, the privilege team can focus on the documents most likely to be requested, accept a higher false-negative rate on the long tail, and rely on the order to claw back anything that slips through.
The procedural mechanics are also unforgiving in the other direction. Mt. Hawley Insurance Co. v. Felman Production, Inc., 271 F.R.D. 125, 133–36 (S.D. W. Va. 2010), is the warning case: the parties had an ESI stipulation with clawback language, but the court held it was not a 502(d) order because it was not entered as a court order and did not invoke the rule by name. The producing party was therefore thrown back onto 502(b)'s reasonable-steps test and lost the privilege over the disputed email. The drafting lesson from Mt. Hawley is to put the words "Federal Rule of Evidence 502(d)" on the face of the order, have a judge sign it, and not rely on a clawback paragraph buried in a stipulation. The white paper that accompanies this article includes a one-page drop-in 502(d) template with annotations.
When no 502(d) order has been entered, the producing party falls back on Federal Rule of Evidence 502(b), which protects an inadvertent disclosure only if three conditions are met: the disclosure was inadvertent, the holder took "reasonable steps to prevent disclosure," and the holder "promptly took reasonable steps to rectify the error." The middle prong — reasonable steps to prevent — is where almost every contested 502(b) motion is won or lost, and the courts have built a five-factor balancing test to decide it: the precautions taken, the number of inadvertent disclosures, the extent of the disclosure, any delay in rectification, and the overarching interests of justice.
Mt. Hawley v. Felman is the cautionary tale on the wrong side of the test. Magistrate Judge Mary Stanley applied the five-factor framework and found waiver because the producing party had failed to perform quality-control sampling on its production, had failed to run simple keyword searches for known sensitive documents (including the disputed "May 14 email"), had produced 377 privileged items in a single batch, and had let the opposing party rather than the producing party identify the privileged disclosures. Mt. Hawley, 271 F.R.D. at 136. The holding is sobering: a technological glitch in the database indexing did not excuse the absence of human quality assurance. Victor Stanley, Inc. v. Creative Pipe, Inc., 250 F.R.D. 251, 261–62 (D. Md. 2008), reached a parallel result on a parallel record — Magistrate Judge Paul Grimm holding that defendants who could not document or defend their keyword search methodology had waived privilege over 165 inadvertently produced documents.
The opposite-result case is Rhoads Industries, Inc. v. Building Materials Corp. of America, 254 F.R.D. 216 (E.D. Pa. 2008). On facts that look superficially worse than Mt. Hawley — roughly 800 privileged documents inadvertently produced out of a 78,000-document review — the court found no waiver. The difference was process: the producing party in Rhoads had documented its review protocol, performed sampling, and rectified promptly, and the court held that the "interests of justice" prong of the five-factor test outweighed the volume of the disclosure. The lesson across the two cases is that the absolute number of slipped documents matters far less than whether the producing party can put a defensible written protocol in front of the magistrate. Process discipline, not zero defects, is what 502(b) actually rewards.
Even when the privilege determinations are sound, the cost of logging them can sink the budget. The traditional document-by-document privilege log, with a separate row for every withheld email, runs $5 to $15 per entry in vendor markets — and on a 2,000-entry log that single line item is $10,000 to $30,000 of pure typing. The principal authority for compressing that work is SEC v. Thrasher, No. 92 Civ. 6987 (JFK), 1996 WL 125661, at *1 (S.D.N.Y. Mar. 20, 1996), where Judge John F. Keenan held that "in appropriate circumstances, the court may permit the holder of withheld documents to provide summaries of the documents by category or otherwise limit the extent of his disclosure."
The Thrasher court grounded the rule in Federal Rule of Civil Procedure 26(b)(5) and articulated a two-prong test that has become the standard for categorical logging: a category-based log is appropriate when (a) "a document-by-document listing would be unduly burdensome" and (b) "the additional log would be of no material benefit to the discovering party in assessing whether the privilege claim is well-grounded." Thrasher, 1996 WL 125661, at *1. The test is conjunctive — both prongs must be satisfied — and the producing party bears the burden of showing both.
In practice, that means a categorical log is appropriate for high-volume, low-variance privilege populations: a long thread between in-house counsel and a deal team, a series of monthly status memos to the general counsel, a workstream of attorney work product generated for a single internal investigation. It is not appropriate for ad hoc collections of one-off documents whose privilege basis varies. The drafting move that survives Thrasher challenge is to define each category narrowly, identify the privilege basis and the participants for the category as a whole, give a representative date range, and provide a count — and then offer in-camera sampling on request. Several district courts now require sampling or in-camera review to supplement categorical logs in close cases, and meeting that demand proactively is cheaper than litigating it.
The English courts handle inadvertent disclosure differently than US courts in two important respects: there is no statutory equivalent to FRE 502(d) (privilege protection in England is governed by common law and the Civil Procedure Rules rather than by an evidence code), and the focus of judicial scrutiny is often on the recipient's conduct as much as the producer's. The leading modern authority on the cost consequences of e-disclosure failures is West African Gas Pipeline Co Ltd v. Willbros Global Holdings Inc, [2012] EWHC 396 (TCC), decided by Mr Justice Ramsey in the Technology and Construction Court on 27 February 2012.
The facts are a litigation-support nightmare: WAPCo disclosed tens of thousands of PDFs to Willbros in a complex international construction dispute, and the production was riddled with process failures — documents disclosed both redacted and unredacted, missed custodians discovered only on re-review, ineffective de-duplication producing many duplicates, poor OCR, and corrupted or missing metadata. Willbros applied for wasted-costs orders to compensate for the time its team had spent untangling the production. Ramsey J granted them: WAPCo was ordered to pay 80% of Willbros's costs of dealing with duplicate copies, 80% of costs of dealing with redacted documents, 50% of the costs of reviewing specific tranches, and a payment on account of £135,000. West African Gas Pipeline, [2012] EWHC 396 (TCC).
The doctrinal point that matters for an in-house counsel reading this from across the Atlantic is that the English courts are willing to monetize sloppy privilege and disclosure work directly as a costs sanction against the producing party, even where the underlying disclosure is not strictly a "waiver" in the FRE 502 sense. Ramsey J distinguished between minor errors (a corrupted filename that can be promptly fixed) and "systematic failures" in de-duplication and redaction, awarding wasted costs only for the latter. The practical implication is the same on both sides of the Atlantic: a producing party that cannot document a defensible privilege workflow pays for it — in waiver in the US, in costs in England.
The case law reduces to a single operational requirement: a producing party needs a documented, repeatable, and testable privilege workflow that a magistrate can examine after the fact. DecoverAI's privilege log generation module is built to that requirement. It runs an AI classifier across every document in the review population, surfaces candidate privileged items with a confidence score and a draft privilege basis, flags documents that touch known attorney custodians or attorney-client domains, and auto-drafts a log entry that an attorney reviews and approves. The audit log captures every decision — who reviewed what, when, on what basis — which is exactly the documentation that Mt. Hawley and Victor Stanley say is missing in the cases that lose.
The categorical-logging workflow contemplated by SEC v. Thrasher is a first-class feature: privileged documents can be grouped into named categories, the category-level description and date range can be drafted once, and the per-document attestation is captured separately for in-camera production if it is ever requested. The combination compresses the per-entry cost of a privilege log from the $5–$15 traditional vendor range into the platform fee, with no per-entry surcharge. In the Tax Credit Investigation case study, this workflow processed 30,000 documents end-to-end — including a complete privilege log — in three days, with a 98% cost reduction relative to the traditional vendor estimate.
The pricing makes the math irreversible. DecoverAI is $60 per gigabyte per month, all-in, with no per-document fees, no per-entry log surcharges, and no contracts. On the same 100 GB / 250,000-document benchmark used in our companion pricing article, the privilege review and log line items collapse from $32,000 in the traditional model to $0 in the all-in model — without sacrificing the documented, sampled, audit-logged workflow that the cases require. Combine that with a properly drafted 502(d) order on the front end and a categorical log on the back end, and the privilege phase of a six-figure document review becomes a defensible, predictable, repeatable line item rather than the part of the matter that nobody can budget for.