Bio

Elizabeth leads the firm’s Privacy & Data Security Practice Group, which has more than 25 years combined experience in the practice area. Her practice addresses all aspects of privacy and data security law, including compliance initiatives to address major legal requirements such as the California Consumer Privacy Act (CCPA), HIPAA, Gramm-Leach-Bliley Act, the FCRA, the Telephone Consumer Protection Act, CAN-SPAM, data security breach notification, the General Data Protection Regulation (GDPR), Privacy Shield and other international data transfer mechanisms, COPPA, VPPA, and others. Elizabeth has assisted clients with a wide variety of implementation projects including cloud computing, health information exchanges, patient portals, bring-your-own-device, mobile applications, location tracking, online behavioral advertising, direct marketing, and complex customer insights initiatives. She also helps clients with government agency inquiries pertaining to privacy and data security, such as HIPAA compliance reviews conducted by the U.S. Department of Health and Human Services.

Elizabeth regularly leads privileged assessments and investigations, such as forensic examinations, vulnerability and compromise assessments, and data security evaluations. Her team has addressed more than 500 data security breaches.

Elizabeth received her BA, magna cum laude, from Coe College as a Phi Beta Kappa graduate and her JD, cum laude, from Duke University. She also received her MEM from Duke University Nicholas School of Earth and Environmental Sciences.

Prior to entering private practice, Elizabeth was a law clerk for The Honorable William L. Osteen, U.S. District Court, Middle District of North Carolina.

Elizabeth writes extensively on privacy matters. Visit our privacy law blog to read her take on current data privacy-related events.

  • Triangle Business Journal, “50 To Watch in Business,” 2013
  • Business North Carolina, “Legal Elite – Under 40 Young Guns,” 2009, 2011; “Intellectual Property” 2019
  • Super Lawyers Magazine, “North Carolina Super Lawyers – Rising Star,” 2009-2017
  • Computerworld, “Best Privacy Advisers” report, 2008
  • Triangle Business Journal, “40 Under 40,” 2007
  • Triangle Catalyst, “Top 10 Under 35,” 2007
  • Triangle Privacy Research Hub: Director
  • North Carolina State Bar Privacy & Information Security Specialization Committee, Vice Chair
  • International Association of Privacy Professionals
  • North Carolina State Bar
  • North Carolina Bar Association
  • Lead data breach response for hundreds of clients arising from business email compromise, hacking, employee malfeasance, misdirected communications, physical break-ins, and other root causes.
  • Structured breach response programs and readiness exercises for global SaaS provider, global clinical research organization, and Fortune 500 professional services company.
  • Directed privileged forensic investigations, vulnerability assessments, and compliance reviews for clients in the retail, payments, financial services, life sciences, professional services, and technology sectors.
  • Drafted privacy policy for health care vendor engaged in real-time health surveillance and location tracking.
  • Advised clients on consolidation of multiple privacy legal schemes applicable to their business, such as HIPAA, CCPA, GDPR, GLBA, TCPA, CAN-SPAM, VPPA, and Part 2.
  • Advised clients regarding privacy and data security considerations for buy-side and sell-side mergers and acquisitions across various industries.
  • Advised retail, health care, and insurance clients regarding text and robocall compliance programs and TCPA-mitigation strategies.
  • Negotiated complex agreements involving data licensing, EMR integrations, media services including ad tech, and multimillion dollar technology services.
  • Advised global payments company on implementation of facial recognition as consumer authentication measure.
  • Implemented international data transfer mechanisms including model clauses and Privacy Shield for various clients, including several global technology vendors.
  • Privacy and Information Security Law Specialist, North Carolina State Bar Board of Legal Specialization
  • Certified Information Privacy Professional/United States (CIPP/US), International Association of Privacy Professionals
  • Hindsight is 2020: Annual Privacy Law Review, NCBA 2020 Annual Review, October 16, 2020
  • A Lawyer’s Role in Cyber Attacks, ACC Annual Meeting 2020, October 15, 2020
  • This Year in Privacy, NCBA Privacy and Data Security Section Annual Meeting, September 17, 2020
  • IAPP Privacy Tracker | Paging all health care privacy pros: CCPA deserves your attention despite HIPAA exemption.
  • Navigating a Watershed Law: CCPA, UNC Festival of Legal Learning, February 8, 2019
  • HIPAA Security Risk Analysis, Client CLE, January 23, 2019
  • Data Breach Response and Emerging Privacy Law, VACO, January 22, 2019
  • HIPAA Basics, Client CLE, January 18, 2019
  • Data Security Laws and Risk Management, Client CLE, November 30, 2018
  • CCPA: Key Requirements and Areas of Confusion, IAPP Knowledgenet, November 28, 2018
  • Paging All Healthcare Professionals: The CCPA Deserves Your Attention, International Association of Privacy Professionals, November 9, 2018
  • Annual Privacy Law Review, NCBA, October 25, 2018
  • Fintech and Consumer Relationships, Bank Directors’ Forum, North Carolina Commissioner of Banks, October 12, 2018
  • OCR Enforcement and Priorities, Client CLE, August 27, 2018
  • Panel on Cybersecurity, UNC, February 9, 2018
  • Panel on Security Breach Preparation, NCBA, January 26, 2018
  • GDPR: Practical Implementation and Hype, Association of Corporate Counsel, November 16, 2017
  • Panel on Data Analytics in Health Research, UNC, October 26, 2017
  • Annual Privacy Law Review, NCBA, October 19, 2017
  • Showcase Showdown: HIPAA Enforcement, Client CLE, October 10, 2017
  • Panel on HIPAA Enforcement, NC Society of Health Care Attorneys, October 6, 2017
  • OCR Enforcement and Patient Outreach, Client CLE, October 3, 2017
  • Data Breach Practice Tips, Association of Corporate Counsel, September 27, 2017
  • FTC Enforcement and Priorities, Client CLE, September 7, 2017
  • OCR HIPAA Audits, Association of Corporate Counsel, July 13, 2017
  • Emerging Privacy Issues in Health Care, Academic Medical Center Privacy and Security Forum, NCMICA, June 14, 2017
  • NC Technology Association: State of Technology, General Data Protection Regulation Preparedness Panel, May 5, 2017
  • Sentinel Risk Advisors: Cyber Risk Management and Preparedness, February 28, 2017
  • Wake Forest University: Banking Law Symposium Cybersecurity Panel, February 10, 2017
  • Campbell University, Privacy Law Seminar, February 7, 2017
  • NC Bar Association: Annual Corporate Counsel Meeting, Data Breach Response Panel, January 27, 2017
  • WRAL TechWire Executive Exchange: The Future of Mobile Health, September 27, 2016
  • Cybersecurity for Corporate Directors, Research Triangle Chapter of the National Association of Corporate Directors, September 15, 2016
  • Cyber Attack: Vulnerabilities and HR Compliance, NC Chamber HR Compliance Conference, September 14, 2016
  • Cybersecurity Risk and Preparedness, Joint Presentation with FBI, Hughes Pittman Gupton Annual Client Event, July 21, 2016
  • Data Wars: Emerging Trends and Risk in Privacy and Data Security Law, Manpower Legal Group Annual CLE Event, July 14, 2016
  • Academic Medical Centers’ and Business Associates’ Complex Privacy & Data Security Compliance, NCHICA Academic Medical Center Conference, June 28, 2016
  • Key Issues & Ingredients of Compliant & Effective Information Governance, NCHICA Academic Medical Center Conference, June 27, 2016
  • Cyber, Lawyers, and Risk: Where We Are Headed in 2016, Blue Cross Blue Shield North Carolina Annual IT Summit, March 17, 2016
  • Best Legal Practices for Information Security and Privacy, Advising private and governmental clients – NC State Lawyers Alumni Annual Meeting, October 30, 2015
  • The Data Breach Files: Your Data Is Out There, Blue Cross Blue Shield North Carolina Annual Legal Summit, October 16, 2015
  • HIPAA Security Risk Analysis and Enforcement, NC AHHC Annual Meeting, September 28, 2015
  • Cyber Security in Vendor Relationship Management, Blue Cross Blue Shield Association Annual Summit, September 22, 2015
  • Here Come the Other Feds: FTC Enforcement in Privacy and Data Security, NC Bar Association, Health Law Section Annual Meeting, April 23, 2015
  • Panel Member, Triangle Business Journal's Cyber Security Symposium, April 16, 2015
  • Cyber Security: U.S. Legal Update, British American Business Council, March 9, 2015
  • Emerging Privacy and Security Risks in Ecommerce, ROI, February 2015
  • Data Breach Response, NC League of Municipalities Annual Managers Meeting, February 5, 2015
  • The Role of In-House Counsel Before, During and After a Data Breach, NC Bar Association, Corporate Counsel Annual Meeting, January 30, 2015
  • Parade of Horribles: Update on 2014 Privacy and Data Security Enforcement, Carolina Privacy Officials Network, January 24, 2015
  • HIPAA Bingo: Everyone’s a Loser, Carolina Privacy Officials’ Network Annual Meeting, January 23, 2015
  • Security Breach Response Overview: Legal Requirements and Response Tips, North Carolina League of Municipalities, Fall 2014
  • Security Compliance and Strategy: Key Issues to Survive Agency Audits, North Carolina Healthcare Facilities Association, August 5, 2014
  • Hispanic National Bar Association Corporate Counsel Section, Privacy Law Update, November 21, 2013
  • Campbell Law Review Annual Symposium, Keynote Speaker, October 18, 2013
  • North Carolina League of Municipalities, Breach Notification and Information Security Legal Requirements, October 14, 2013
  • North Carolina Assisted Living Association, The Final Omnibus HIPAA/HITECH Rules: What They Mean for You, October 9, 2013
  • RTP CFO Forum, Hackers and Spammers and Malware, Oh My! Pulling Back the Curtain on Cyber Security and Breach, August 2, 2013
  • Hughes Pittman Gupton Annual Client Seminar, Privacy and Information Security: An Update on Legal Risks and Requirements, July 11, 2013
  • North Carolina Medical Society, New HIPAA/HITECH Rules: Strategy and Risk Mitigation (Part II), May 23, 2013
  • Association of Home and Hospice Care, The Final Omnibus HIPAA/HITECH Rules: What They Mean for You, March 26, 2013 and April 5, 2013
  • International Association of Privacy Professionals, Privacy Summit, The Art of BYOD Implementation: A Case Study at the World’s Largest Employer, March 7, 2013
  • UNC Festival of Legal Learning, Breach Notification and Security Legal Requirements, February 8, 2013
  • Carolina Privacy Officials Network, Blink and You Missed It: Recap of 20 Major Privacy Events from Last 60 Days, January 21, 2013
  • Consero, Corporate Compliance and Ethics Forum, Privacy and Data Security Panel, October 28, 2012
  • Hughes Pittman Gupton/Poyner Spruill Client Event, Cybersecurity Panel, September 27, 2012
  • Peak 10 Forum, Cloud Computing Compliance Panel, August 23, 2012
  • North Carolina Bankers Association, Security Summit, Emerging Legal Requirements in Information Security, May 10, 2012
  • North Carolina Medical Society, New HIPAA/HITECH Rules: Compliance and Implementation (Part I), May 9, 2012
  • MD HIMSS Spring Conference: Emerging Legal Risks in Social Media for Health Care Providers, April 26, 2012
  • Guest Lecturer, Privacy Law Seminar, University of North Carolina School of Law, 2008-2012
  • NCTA's State of Technology: Big Data – Privacy and Security, April 13, 2012
  • NCHIMA Spring Meeting: Emerging Legal Risks in Social Media for Health Care Providers, April 13, 2012
  • NCHCFA “All Things Audit” Conference: OCR HIPAA Audits: What to Expect and How to Prepare, April 9, 2012
  • RTP CFO Forum: Emerging Privacy and Data Protection Requirements and Risks, April 6, 2012
  • VACO Event: Managing Social Media in the Workplace, March 21, 2012
  • CPON Data Privacy Day Symposium: Proposed Revisions to EU Data Protection Directive, January 28, 2012
  • Cherry, Bekaert & Holland, Critical Times & Critical Issues: Solutions to Financial & Operational Challenges, Emerging Privacy and Security Risks, December 7, 2011
  • Twin Cities Privacy Network, Minnesota Health Privacy Summit, Social Media and Mobile Devices in Health Care, November 30, 2011
  • The Advisory Group, Key Steps to Help Avoid a Major Privacy or Security Headache, November 2, 2011
  • UNC-C Annual Cybersecurity Symposium, The Good, the Bad, and the Really, Really Ugly: in Federal Legislative Proposals and Government Initiatives, October 11, 2011
  • NCHICA Annual Meeting, Identification and Management of Emerging Legal Risks in Social Media, September 26, 2011
  • ISACA RTC Emerging Risks and Requirements in Information Privacy and Security, September 7, 2011
  • NCTA Emerging Technologies & Trends Series "Connecting Your Workforce Through Mobile Apps", Panel Moderator, June 23, 2011
  • Peak 10 Presentation, Security Risk and Compliance in the Cloud, April 21, 2011
  • East Coast Game Conference, Ten Steps to Avoid a Major Privacy or Security Breach, April 13, 2011
  • State Capital Law Group Annual Meeting, Navigating Social Media on the Internet: Legal, Practical and Ethical Issues Involved When Deploying Online Resources in Your Legal Practice, March 18, 2011
  • Twin Cities Privacy Retreat, "Risk of Harm" Considerations in Data-Breach Notification, February 25, 2011
  • UNC Festival of Legal Learning, Privacy and Information Security for Legal Service Providers, February 11, 2011
  • CPON: Data Privacy Day Symposium, Emerging Risk and Compliance as the Practice of Law Gets Social (Online), January 28, 2011
  • Intellectual Exchange Group, CIO Roundtable on HIPAA Compliance, Panel Moderator, January 25, 2011
  • Triangle Interactive Marketing Association Lunch and Learn, Ten Steps to Help Avoid a Major Privacy or Security Headache, January 12, 2011
  • Advising the Business Owner Seminar, Emerging Privacy and Security Risks, November 18, 2010, December 1, 2010, and December 9, 2010
  • Internet Summit 10, Ten Steps to Avoid a Major Privacy or Security Breach, November 17, 2010
  • 11th Annual Cyber Security Symposium, UNC Charlotte, Legally-Defensible Security: What New Laws and Emerging Risks Mean for Your Information Security Program, November 2, 2010
  • Association for Home and Hospice Care Annual Leadership Conference: It's Not a Day at the Beach – HITECH: What Agencies Need to Know, October 19, 2010
  • Nova E-Discovery Panel: Practical Guide to Corporate e-Discovery, October 5, 2010
  • NCHICA Annual Meeting: HITECH Act Breach Notification – Preparing Effectively for Tomorrow's Security Breach by Mitigating Today's Risks, September 15, 2010
  • NCTA Emerging Tech and Trends Panel, Cybersecurity, August 18, 2010
  • Data Privacy Day: CPON Symposium – So Much for F2F: Privacy Compliance & Risk as Businesses Go Virtual, January 21, 2010