"I have found Journal of Airport Management to be an incredibly professional and leading-edge journal which finds and addresses the key areas of interest and importance to the aviation industry in general and the airport operator specifically. The themes, cases studies and areas investigated and researched by the journal's writers are of a high quality and professionalism allowing me as an industry participant to continually learn and improve. I strongly support and recommend the journal to anyone within or interested in the aviation industry as an essential tool in assisting you to improve your own knowledge and performance."
How to prepare for data breaches? Lessons learned from recent incidents
Journal:
Click the button below to download the full text of the article.
Abstract: It seems like every few weeks there is a report of a new data incident having taken place: recent high-profile examples include FedEx (February 2018), Under Armour/MyFitnessPal (March 2018), Panera Bread (April 2018), Adidas (June 2018), MyHeritage (June 2018), Macy’s (July 2018), Timehop (July 2018), Reddit (August 2018) and T-Mobile (August 2018), just to name a few. So, what should organisations do in relation to cybersecurity incidents? More specifically, what can happen when the board or senior management is not appropriately engaged nor response plans properly practiced or otherwise followed? What can we learn from previous security incidents that have taken place? This paper examines some real-world cases of what can happen following a security incident.
Keywords: data breaches; GDPR; cybersecurity incidents; security incidents
Paul Lanois is a global privacy, data protection and information security professional, and is an attorney admitted to the Bars of the District of Columbia (DC-USA), New York (NY-USA) and the Supreme Court of the United States (SCOTUS). He regularly publishes articles on technology law and is frequently invited to speak on such topics. He has spoken at numerous conferences across the USA, Europe and Asia. He has been recognised as a Fellow of Information Privacy (FIP) by the International Association of Privacy Professionals (IAPP) and is a Certified Information Privacy Professional, with concentrations in Asian law (CIPP/A), US law (CIPP/US), European law (CIPP/E) and Canadian law (CIPP/C). He is also a Certified Information Privacy Manager (CIPM) and a Certified Information Privacy Technologist (CIPT). He was an associate professor at the University of Cergy-Pontoise in France and an attorney at major international law firms (Simpson Thacher & Bartlett, Allen & Overy and Linklaters). He graduated from the University of Paris-Sorbonne (France) with a Master’s degree in business law and a postgraduate degree in private and public economic law. He also holds an LL.M. degree from the University of Pennsylvania Law School (USA) and a Certificate in Business and Public Policy from the Wharton School at the University of Pennsylvania.