Full Profile
Johnson advises a variety of clients on cyber incident response, data protection liability and cyber coverage issues.
Johnson’s experience includes acting as breach coach following major cyber incidents. He has extensive experience supporting organisations recover from cyber incidents, including engaging with regulatory authorities, supporting notification campaigns, and dealing with post-incident issues, including regulatory complaints and data-protection claims. His wide-ranging experience also includes engaging with the Information Commissioner’s Office, as well as the Solicitors Regulation Authority and Financial Conduct Authority in the UK, and the Office of the Privacy Commissioner in New Zealand.
Notable instructions include acting for insurers and insureds following large scale cyber incidents such as the Kaseya VSA and MoveIT breaches, advising insurers on coverage for the largest ransomware incident in New Zealand, and acting for a global retailer following a business email compromise resulting in USD850,000 in misdirected funds.
Johnson has also completed a long-term secondment with a major global insurer in New Zealand, giving him valuable insight into what insurers require to ensure efficient claims handling and client service.
Johnson is admitted as a Barrister and Solicitor to the High Court of New Zealand.
Experience
- Cyber – providing regular advice to organisations based outside of the UK/EU regarding the extraterritorial scope of the GDPR (Article 3).
- Cyber – providing regular advice to organisations on the mandatory reporting obligations pursuant to the GDPR (Articles 33 and 34).
- Cyber – regularly acting as breach coach for companies following any cyber incidents and personal data breaches, including notifications to and engagement with regulators including the Information Commissioner’s Office, Financial Conduct Authority, and the Solicitors Regulatory Authority.
- Cyber – Acting as breach coach following a ransomware incident on security and access card company, including engagement with regulators and law enforcement, dealing with arising claims, and engagement with data controllers.
- Cyber – Acting as coverage counsel following a ransomware event on a major healthcare provider in New Zealand, being one of the largest ransomware events in New Zealand to date.
- Cyber – acting for a US multinational non-profit following the disclosure of its donor list (including GDPR Special Category Data), including providing Article 3 GDPR advice, and coordinating the subsequent notification to the ICO and 16 separate EU regulators.
