In a contributed article in Dow Jones Risk Journal, data, privacy & cybersecurity partners Ed McNicholas and Rohan Massey, and counsel Edward Machin, authored an article outlining practical steps to preempt social engineering campaigns that increasingly target senior leaders through doxxing and extortion.
The authors explain how the widespread availability of personal data, including phone numbers, home addresses, and family details, enables threat actors to weaponize open‑source information.
They note U.K. legal avenues that may assist victims, including the Data Protection Act 2018, the Malicious Communications Act 1988, and the Protection from Harassment Act 1997, while observing that the U.S. sector‑specific approach often leaves gaps in executive protection.
Their recommendations emphasize multilayered resilience: periodic security reviews of executives’ home networks; strategic use of GDPR and U.K. GDPR “right to be forgotten” processes; privacy‑by‑design controls such as multifactor authentication, device encryption, and secure backups; targeted training for executives and families; and simulated doxxing and penetration tests to identify and remediate exposure.
Stay Up To Date with Ropes & Gray
Ropes & Gray attorneys provide timely analysis on legal developments, court decisions and changes in legislation and regulations.
Stay in the loop with all things Ropes & Gray, and find out more about our people, culture, initiatives and everything that’s happening.
We regularly notify our clients and contacts of significant legal developments, news, webinars and teleconferences that affect their industries.