LucyL. Thomson, Esq. CISSP, is the founding principal of Livingston PLLC, a Washington, D.C. law firm where she focuses her practice on legal and technology issues related to cybersecurity, global data privacy, and compliance and risk management.
She helps organizations develop and implement practical solutions to address themultitude of complex security challenges arising from new technologies, and to preventand respond to data breaches and secure critical infrastructure.
Previously a senior engineer at CSC, a global technology company, she gained extensive hands-on experience conducting privacy and risk assessments and developing FISMA security plans on two of the government’s largest technology modernization projects—Customs and Border Protection (CBP-ACE) and the Internal Revenue Service (IRS). While at CSC she was appointed a Department of Homeland Security (DHS) Information System Security Officer (ISSO). A career attorney at the U.S. Department of Justice, Ms. Thomson managed and conducted complex litigation in the Criminal and Civil Rights Divisions where she obtained convictions in complex white-collar crime cases, including Medicare and consumer fraud, and landmark decisions in civil rights cases.
Appointed Consumer Privacy Ombudsman in 25 federal bankruptcy cases, she is responsible for evaluating the sale of “assets” consisting of sensitive personal information and has overseen the disposition of more than 250 million electronic consumer records. Her assessment of the work of the consumer privacy ombudsman, Sensitive Personal Data for Sale in Bankruptcy—A Retrospective on the Consumer Privacy Ombudsman, was published in the American Bankruptcy Institute (ABI) Journal (June 2015). Her further work on privacy risks in bankruptcy cases, Sensitive Personal Data for Sale in Bankruptcy—An Uncertain Future for Privacy Protection, is featured in the Norton AnnualSurvey of Bankruptcy Law, 2017 Ed.
In the American Bar Association (ABA), Ms. Thomson has been elected to the House of Delegates since 2004. She is an ABA Life Fellow and has served on the Standing Committee on the Law Library of Congress and as ABA Advisor to the Uniform Law Commission (ULC). She was a member of the National Conference of Lawyers and Scientists at the American Association for the Advancement of Science (AAAS) (2009-11).
She is a past chair of the ABA Section of Science & Technology Law (2012-13) and a member of the Cybersecurity Legal Task Force. She founded and co-chaired SciTech’s Security, Privacy, and Information Law Division and is a founder and past co-chair of its Homeland Security and e-Discovery and Digital Evidence Committees. With other SciTech leaders she organized the ABA 2016, 2017 and 2018 Internet of Things (IoT) National Institutes that provided a comprehensive look at the complex legal and national security challenges of the world’s most pervasive emerging technology. She addressed global cybersecurity risks at the ABA Homeland Security Law Institutes. As SciTech Chair she led an in-depth investigation of the opportunities, challenges, and risks of the mobile transformation.
A prolific writer, Ms. Thomson is editor of the ABA Data Breach and Encryption Handbook, a contributing author to the ABA Cybersecurity Handbook (2d Ed.) and Homeland Security and Emergency Management (3d Ed.), and author of articles and book chapters on homeland security, emergency management, big data/AI and IoT security, mobile device security, cyber insurance, hacking democracy, and health care, bioinformatics and authentication of digital evidence in court. She is co-author of the ABA Vendor Contracting Cybersecurity Checklist, developed as an ABA collaboration with the U.S. Treasury Department to help organizations strengthen their security posture by addressing third party risk.
Internationally, Ms. Thomson served as a Legal Advisor to the United Nations Centre for Trade Facilitation and Electronic Business (UN/CEFACT), the Asia-Pacific Economic Cooperation (APEC), and the Association of Southeast Asian Nations (ASEAN). For APEC, she focused on implementing the APEC Privacy Framework in Peru, Chile, Indonesia, Malaysia, the Philippines, Thailand, and Vietnam, and presented a report on her capacity-building privacy work at the senior officials meeting in Jakarta, Indonesia.
Ms. Thomson received a Master’s degree from Rensselaer Polytechnic Institute (RPI) in 2001, earned the CISSP and CIPP/US certifications, and holds a J.D.degree from Georgetown. An avid sailor, she races her J80 sailboat on the Chesapeake Bay.