Overview

Holly advises clients on a broad range of complex privacy, cybersecurity and data protection matters, including monitoring and assessing new and emerging requirements across the globe. As a member of the firm’s top-ranked privacy and cybersecurity practice, Holly assists clients in identifying, evaluating and managing global privacy and information security risks and compliance issues. Holly works with clients to address privacy and data protection issues and manage data breaches and cybersecurity incidents.

Prior to joining the firm, Holly managed the data privacy program at a Fortune 500 company, where she advised on data privacy compliance and risk management for the company’s US and international operations. In this role, Holly was in charge of privacy program design, policy development, training and awareness, and risk assessments. Holly also advised the company’s chief information security officer on matters relating to cybersecurity and technology, including cybersecurity governance and incident response.

Holly also has extensive experience negotiating and documenting information technology and business process outsourcing transactions, as well as handling general commercial contracting matters. She frequently speaks before industry groups, legal organizations and educational institutions at conferences, seminars and other events. She also is adjunct professor of cybersecurity law at William & Mary School of Law, where she enjoys teaching the next generation of cybersecurity lawyers.

Experience

  • Advises on the development of comprehensive privacy compliance programs, including drafting online and offline privacy policies, procedures and notices.
  • Advises on cybersecurity risks, incidents and policy issues, including addressing cybersecurity preparedness issues.
  • Assists clients with complying with privacy and information security requirements, including under the California Consumer Privacy Act of 2018, HIPAA, state and federal security breach notification laws, the Payment Card Industry Data Security Standard, and other federal and state requirements.
  • Assists clients in developing vendor management programs, including evaluating and negotiating privacy and data security provisions and indemnities contained in vendor agreements.
  • Assists with the negotiation and documentation of commercial contracts, including software licensing, direct materials agreements, procurement agreements, and purchase, supply chain and logistics agreements.

Accolades

Honors & Recognitions

  • Certified Information Systems Security Professional (CISSP); Certified Information Privacy Professional – Europe (CIPP/E); Certified Information Privacy Professional/Management (CIPM); Certified Information Privacy Technologist (CIPT)
  • Recipient, Gambrell Professionalism Award, 2009

Affiliations

Professional

  • Leadership Council, Sedona Conferences Working Group 11 on Data Security and Privacy
  • Member, International Information System Security Certification Consortium (ISC)2
  • Member, International Association of Privacy Professionals
  • Member, Virginia Bar Association

Insights

Events & Speaking Engagements

  • March 13, 2023
    Event
    Speaker
    Data Privacy and Cybersecurity, NABCA Legal Symposium
  • October 26, 2022
    Event
    Speaker
    The Heart of AI and Your Biggest Risk: Data Set Creation and Acquisition, Berkeley AI Institute
  • April 22, 2021
    Event
  • March 30, 2021
    Event
  • December 2019
    Event
    Co-chair
    Today’s General Counsel Institute Data Privacy and Cybersecurity Forum
  • October 2019
    Event
    Speaker
    Data Privacy & Compliance, International Economic Development Council Webinar
  • September 2019
    Event
    Speaker
    Data Security and Privacy Case Law Update, Sedona Conference Data Privacy and Cybersecurity Conference
  • September 2019
    Event
    Speaker
    Data Security for Law Firms, IAPP’s Privacy. Security. Risk. Conference
  • June 2019
    Event
    Speaker
    Incident Response Preparation for Law Firms, ABA’s Fourth National Institute on Cybersecurity and Data Protection
  • June 2019
    Event
    Speaker
    Mock Tabletop Exercise, ABA’s Fourth National Institute on Cybersecurity and Data Protection
  • November 2018
    Event
    Speaker
    GDPR and Beyond, AEA IT Audit Directors Conference
  • October 2018
    Event
    Speaker
    Privacy by Design Starts Here: Assessing Privacy Risk, IAPP’s P.S.R. Conference
  • October 2018
    Event
    Speaker
    I’m A Lawyer: How Can I Advise on Data Security Issues?, IAPP’s P.S.R. Conference
  • May 2018
    Event
    Event Co-Chair
    Today’s General Counsel Data Privacy and Cybersecurity Forum
  • April 2018
    Event
    Speaker
    I’m a Lawyer: How Can I Advise on Data Security Issues?, IAPP’s Privacy Summit
  • March 2018
    Event
    Speaker
    A Day in the Life of a Cybersecurity Professional, A Day at the Breach Conference
  • October 2017
    Event
    Speaker
    I’m a Lawyer: How Can I Advise on Data Security Issues?, IAPP’s P.S.R. Conference
  • May 2017
    Event
    Speaker
    Today’s General Counsel Data Privacy and Cybersecurity Forum
  • April 2017
    Event
    Speaker
    Third-party Cybersecurity Risk, Virginia Cybersecurity Partnership Event
  • March 2017
    Event
    Speaker
    Cybersecurity and Data Privacy Overview, Association for Information and Image Management Event
  • November 2016
    Event
    Speaker
    Nexus Between eDiscovery and Cybersecurity, Georgetown Law’s Advanced eDiscovery Institute Conference
  • October 2016
    Event
    Speaker
    Cybersecurity Preparedness – The Evolving Role of In-House Counsel, VBA Corporate Counsel Forum
  • September 2016
    Event
    Speaker
    The First 48 Hours: A Simulated Data Breach, Northwestern School of Law’s Corporate Counsel Institute Conference
  • May 2016
    Event
    May 2016
    Today’s General Counsel Data Privacy and Cybersecurity Forum
  • April 2016
    Event
    Speaker
    Cybersecurity Preparedness – The Evolving Role of In-House Counsel, Association of Corporate Counsel Event
  • February 2016
    Event
    Speaker
    Mock Data Breach Scenario, ABA National Institute of Cybersecurity Conference

News

Education

JD, William & Mary Law School, Order of the Coif, 2009

BA, Eastern New Mexico University, summa cum laude, 1997

Admissions

Virginia

Jump to Page