How to prepare for data breaches? Lessons learned from recent incidents

Paul Lanois, Attorney, DC-USA, SCOTUS

Click the button below to download the full text of the article.



Abstract: It seems like every few weeks there is a report of a new data incident having taken place: recent high-profile examples include FedEx (February 2018), Under Armour/MyFitnessPal (March 2018), Panera Bread (April 2018), Adidas (June 2018), MyHeritage (June 2018), Macy’s (July 2018), Timehop (July 2018), Reddit (August 2018) and T-Mobile (August 2018), just to name a few. So, what should organisations do in relation to cybersecurity incidents? More specifically, what can happen when the board or senior management is not appropriately engaged nor response plans properly practiced or otherwise followed? What can we learn from previous security incidents that have taken place? This paper examines some real-world cases of what can happen following a security incident.

Keywords: data breaches; GDPR; cybersecurity incidents; security incidents


Paul Lanois is a global privacy, data protection and information security professional, and is an attorney admitted to the Bars of the District of Columbia (DC-USA), New York (NY-USA) and the Supreme Court of the United States (SCOTUS). He regularly publishes articles on technology law and is frequently invited to speak on such topics. He has spoken at numerous conferences across the USA, Europe and Asia. He has been recognised as a Fellow of Information Privacy (FIP) by the International Association of Privacy Professionals (IAPP) and is a Certified Information Privacy Professional, with concentrations in Asian law (CIPP/A), US law (CIPP/US), European law (CIPP/E) and Canadian law (CIPP/C). He is also a Certified Information Privacy Manager (CIPM) and a Certified Information Privacy Technologist (CIPT). He was an associate professor at the University of Cergy-Pontoise in France and an attorney at major international law firms (Simpson Thacher & Bartlett, Allen & Overy and Linklaters). He graduated from the University of Paris-Sorbonne (France) with a Master’s degree in business law and a postgraduate degree in private and public economic law. He also holds an LL.M. degree from the University of Pennsylvania Law School (USA) and a Certificate in Business and Public Policy from the Wharton School at the University of Pennsylvania.


Read this featured article now.
To read this article and receive further updates on Henry Stewart Publications content please register using the form below.