Cybersecurity and Incident Response in Europe - State of Play

Rohan Massey is a leader of the firm’s Data, Privacy and Cybersecurity practice and focuses his practice on data protection, data security, e-commerce, and IT. As well as advising on complex global data protection and security compliance programs, Rohan also advises on issues of risk and value in relation to data and intellectual property in corporate transactions. Rohan’s expertise focuses on the intersection of the extra-territorial scope of national data protection laws and data transfer issues for multinational organisations. Rohan has advised on a number of leading breach data management cases, and has assisted clients in successfully obtaining BCR approval from EU regulators. His industry-focused expertise covers asset management and financial services; life sciences and clinical trials; as well as media, sponsorship, advertising, sales promotions, and intellectual property issues, marketing issues in the sports apparel and food and drink sectors. His client base is international in scope, as he works extensively across Europe, the U.S. and Asia.
Rohan has recently been elected to Chair of the Sedona Conference’s 12th Annual Sedona Conference International Programme, and sits on The Sedona Conference’s WG 11. The mission of WG11 is to identify and comment on trends in data security and privacy law, in an effort to help organizations prepare for and respond to data breaches, and to assist attorneys and judicial officers in resolving questions of legal liability and damages.
Rohan is also the Secretary of the City of London Law Society Commercial Committee, and a member and active participant of the IAPP, having spoken at numerous conferences and events.
Rohan regularly writes for various industry publications. He is also a member of the editorial board of E-Commerce Law and Policy.
Articles Rohan has authored or co-authored include: “The UK’s Proposed Framework Code of Practice for Sharing Information,” World Data Protection Report; “Transfers of Clinical Research Data from the European Union to the United States,” BNA’s Medical Research Law and Policy Report; “The Growing Concerns of Identity Theft,” Electronic Business Law; “Sales Promotion in The International Sales and Marketing Practice,” Practical Law Company; “Ambush Marketing,” International Chamber of Commerce UK Handbook; “The Distance Marketing of Financial Services – A UK Overview,” Journal of Financial Services Marketing. Rohan also contributes to “Law in Action” on BBC Radio 4. World Trademark Review 1000 2016 – Recognized Rohan as being a “licensing and IP transactions cognoscente” who “manoeuvres shrewdly in the heavily regulated alcoholic beverage sector and backs up his IP know-how with expertise in ancillary areas such as privacy.”

Robert Maddox is a member of Debevoise & Plimpton LLP’s Data Strategy & Security practice and White Collar & Regulatory Defense Group in London. His practice focuses on cybersecurity incident preparation and response, data protection and strategy, internal investigations, compliance reviews, and regulatory defense. In 2021, Mr. Maddox was named to Global Data Review’s “40 Under 40”. He is also described as “a rising star” in cyber law by The Legal 500 US (2022).
Mr. Maddox’s experience includes advising companies on matters involving, among others, the UK Serious Fraud Office, Financial Conduct Authority and Information Commissioner’s Office, U.S. Department of Justice, Securities and Exchange Commission, and National Futures Association, Irish Data Protection Commission, New York Department of Financial Services, Gibraltar Regulatory Authority, and the Luxembourg Commission de Surveillance du Secteur Financier and Commission Nationale pour la Protection des Donn?es.
Mr. Maddox joined Debevoise in 2013. He holds an M.A. in law from the University of Cambridge and an LL.M. (Corporate & Financial Services Law, First Class) from the National University of Singapore, where he was a Faculty Graduate Scholar. He completed the Legal Practice Course in 2011 with Distinction.
Prior to entering private practice, Mr. Maddox interned on the defence team of Thomas Lubanga Dyilo, the first individual to stand trial before the International Criminal Court in The Hague. He has also worked with the Texas Defender Service, a non-profit law firm representing indigent individuals facing capital punishment in the state of Texas.

Laurance Dine is a technical cybersecurity leader with more than 20 years of experience in digital forensics, incident response and leading global cyber defence teams.
Prior to joining FTI Consulting, Mr. Dine was a Partner and the Global Lead of X-Force IRIS Incident Response at IBM, where he helped clients build and manage integrated security programmes to protect their organisations from global threats. He provided response services during cyber crisis incidents and advised business leaders on all facets of incident management and recovery from preparation through to full remediation. As a recognised thought leader and subject matter expert in incident response and certified expert witness in multiple jurisdictions, Mr. Dine brings his intellectual capital to bear by testifying in both civil litigation and criminal prosecutions.
Before joining IBM, Mr. Dine spent several years as a Managing Principal at Verizon UK Limited, overseeing the delivery of digital forensics and incident response projects across Europe, the Middle East and Africa. Notably, he doubled the region’s revenue in his first year and maintained an increase for three consecutive years. Mr. Dine often spoke on the topic of digital forensics, incident response and security, in addition to being quoted in numerous published articles.
Mr. Dine previously served as Director at BTG Global Risk Partners, where he was responsible for the overall direction and management of staff for several complex computer forensic investigations, including the direction of post-settlement remediation. As a Director at Hobs Legal Docs, Mr. Dine developed the computer forensic service line in the United Kingdom and Europe and managed forensic technology projects, including forensic data collection, full technical investigations, electronic data processing and electronic reviews.