Lucy Thomson

Lucy Thomson brings a wealth of law enforcement, compliance, and healthcare experience and insight to her practice advising government and commercial clients on legal and technology issues related to cybersecurity, global data privacy, cloud computing, and electronic health records.  Previously a senior engineer at a global technology company, she served as an Information System Security Officer (ISSO) and Privacy Advocate, conducting risk assessments, privacy impact assessments, and information security and privacy compliance reviews on the government’s two largest technology modernization projects: Customs and Border Protection (CBP-ACE) and the Internal Revenue Service (IRS).

Ms. Thomson is Chair of the American Bar Association (ABA) Section of Science & Technology Law (SciTech), widely considered the global authority on science and technology law.  She is editor of the ABA best-selling Data Breach and Encryption Handbook (2011) that provides a roadmap through the requirements of all the state data breach notification statutes and HITECH, analyzes the security failures of the major data breaches, and demystifies encryption for business owners, IT professionals and lawyers.  This year she authored a chapter on Information Security and Privacy Challenges in Bioinformatics for a forthcoming ABA book. A frequent speaker on information security and privacy, Ms. Thomson organized and moderated panels on the data breach laws at the RSA 2010, 2011 and 2012 conferences.

A career federal criminal prosecutor, she served in senior litigation positions in the Criminal and Civil Rights Divisions of the U.S. Department of Justice. There she prosecuted Medicare and consumer fraud cases, and civil rights cases resulting in landmark decisions. Beginning her career at the U.S. Department of Health, Education and Welfare, she organized some of the largest civil rights investigations of healthcare providers and public schools ever conducted by the Office for Civil Rights (OCR), the office now responsible for enforcing the HIPAA security and privacy rules and HITECH.

A Certified Information Privacy Professional (CIPP/G), Ms. Thomson’s extensive privacy expertise has led to her appointment as Consumer Privacy Ombudsman (CPO) in 14 federal bankruptcy cases.  She has overseen the disposition of 200 million electronic consumer records and developed security and privacy standards that were adopted by the courts in some of the largest bankruptcy cases, including JK Harris, Coach America, and Circuit City.  As a legal advisor to the APEC Data Privacy Pathfinder Project, she has focused on implementation issues for the APEC Privacy Framework through the development of Accountability Agents and Enforcement Authorities in Chile, Indonesia, Malaysia, Peru, the Philippines and Vietnam.

Ms. Thomson earned a master’s degree from Rensselaer Polytechnic Institute IRPI) in 2001, and holds a J.D. degree from the Georgetown University Law Center.