Lucy Thomson
Senior Principal
Lucy Thomson, Esq., CISSP, brings a wealth of law enforcement, IT, litigation, and project management experience and insight to her practice advising government and commercial clients on legal and technology issues related to cybersecurity, global data privacy, compliance and risk management. She helps companies prevent and respond to data breaches, secure critical infrastructure, and devise solutions to address complex problems arising from new technologies.
She gained extensive hands-on experience conducting risk assessments, privacy impact assessments, and developing security plans as a senior engineer at CSC, a global technology company, on two of the government’s largest technology modernization projects: Customs and Border Protection (CBP-ACE) and the Internal Revenue Service (IRS). While at CSC she was appointed a government Information System Security Officer (ISSO). Previously a career white collar crime prosecutor at the U.S. Department of Justice, Ms. Thomson managed and conducted complex litigation in the Criminal and Civil Rights Division. There she prosecuted Medicare and consumer fraud cases and civil rights cases, resulting in landmark decisions.
Active in the American Bar Association (ABA), Ms. Thomson is a past chair of the Section of Science & Technology Law, member of the House of Delegates (since 2004) and the Cybersecurity Legal Task Force, and is founder and past co-chair of SciTech’s Privacy, Security, and Emerging Technology Division. She is co-editor of the new ABA book The Internet of Things (IoT): Legal Issues, Policy, and Practical Strategies, editor of the ABA Data Breach and Encryption Handbook, and a contributing author to the ABA Cybersecurity Handbook (2d Ed), Homeland Security and Emergency Management (3d Ed), and America Votes! Challenges to Modern Election Law & Voting Rights (4th Ed forthcoming).
Ms. Thomson is the author of publications that focus on security and privacy issues with mobile devices, industrial control systems (ICS), big data/AI, law firm security, cyber insurance, third party risk, bioinformatics and health care IT, homeland security, social engineering fraud, election system vulnerabilities, e-discovery, privacy in bankruptcy sales of personal data, and authentication of digital evidence in court. A frequent speaker on cybersecurity and privacy, Ms. Thomson has presented dozens of programs at the RSA security conferences, HIMSS and the ABA.
A Certified Information Privacy Professional (CIPP/US), Ms. Thomson’s extensive privacy expertise has led to her appointment as Consumer Privacy Ombudsman (CPO) in 27 federal bankruptcy cases. Responsible for evaluating the sale of “assets” consisting of sensitive personal information, she has overseen the disposition of more than 250 million electronic consumer records. Her assessment of the work of the CPO was published in the American Bankruptcy Institute (ABI) Journal (June 2015). Her further work on privacy risks in bankruptcy cases is featured in the Norton Annual Survey of Bankruptcy Law, 2017 Ed.
Internationally, she has served as a Legal Advisor to the United Nations Centre for Trade Facilitation and Electronic Business (UN/CEFACT), the Asia-Pacific Economic Cooperation (APEC), and the Association of Southeast Asian Nations (ASEAN). As a legal advisor to the APEC Data Privacy Pathfinder Project, she focused on implementation of the APEC Privacy Framework through the development of Accountability Agents and Enforcement Authorities in Chile, Indonesia, Malaysia, Peru, the Philippines and Vietnam.
Ms. Thomson is a member of the American Law Institute (ALI). She received a Master’s degree from Rensselaer Polytechnic Institute (RPI) in 2001, earned the CISSP and CIPP/US certifications, and holds a J.D. degree from the Georgetown University Law Center.