Molly is a member of the firm’s Privacy & Data Security practice group. She advises clients on matters including data breach notification and compliance with state and federal laws that impact collection, storage, use, sharing, and protection of personal information, such as the California Consumer Privacy Act (CCPA), the California Privacy Rights Act (CPRA), the Fair Credit Reporting Act (FCRA), CAN-SPAM, the Children’s Online Privacy Protection Act (COPPA), laws regulating data brokers, and laws governing website and mobile application privacy policies.
Molly also counsels clients on a broad spectrum of HIPAA compliance-related matters, including assessing HIPAA applicability, drafting HIPAA policies and procedures, responding to data requests from the U.S. Department of Health and Human Services Office for Civil Rights, evaluating data breach notification obligations when protected health information is compromised, drafting and negotiating business associate agreements, training workforce members, and conducting HIPAA security assessments and risk analyses.
She helps clients assess the privacy and data security risks associated with new initiatives, including by assisting clients with the identification and implementation of risk-mitigating controls and providing proactive strategic advice based on forthcoming laws. She also regularly advises international and U.S.- based clients on the applicability and requirements of the EU General Data Protection Regulation (GDPR). She prepares privacy policies to align with the U.S.- and GDPR-required content while minimizing legal risk associated with those laws. In addition, she provides strategic advice related to contracting and facilitating the lawful transfer of personal data outside of the EU.
Molly received her B.A., cum laude from Wake Forest University and her J.D. with honors from UNC School of Law. During law school, Molly was an Articles Editor for the North Carolina Law Review, as well as a Dean’s Fellow and an Honors Writing Scholar. She also received the Gressman-Pollitt Award for Excellence in Oral Advocacy. Molly served as a law clerk to the Honorable Robert N. Hunter, Jr. on the Supreme Court of North Carolina and the North Carolina Court of Appeals before entering private practice.
Molly writes extensively on privacy matters. Visit our privacy law blog to read her take on current data privacy-related events.
- Listed among North Carolina Super Lawyers Rising Stars (2023)
- Listed among Business North Carolina Magazine Legal Elite: Young Guns (2022)
- International Association of Privacy Professionals
- NC Tech Association – Board of Advisors
- North Carolina State Bar
- North Carolina Bar Association – Privacy and Data Security Section Council
- Wake County Bar Association
- Advised international pharmaceutical development company on GDPR compliance posture to facilitate expansion of clinical trials in the European Union.
- Updated standard contract terms for clients in a wide variety of industries to incorporate the European Commission’s revised set of Standard Contractual Clauses.
- Advised multinational financial services company on breach notification obligations stemming from a data breach affecting customers residing in all 50 states.
- Drafted HIPAA privacy, security, and breach notification policies and procedures for clients in healthcare, retail, and ad tech sectors.
- Conducted HIPAA security assessments and risk analyses for covered entities and business associates.
- Assisted in major compliance assessments for Fortune 500 pharmacy chain.
- Drafted privacy policies to address CCPA notification requirements for an international media company.
- Negotiated controller and processor-side data processing contracts for GDPR compliance.
- Certified Information Privacy Professional, U.S. (CIPP/US), International Association of Privacy Professionals (IAPP), 2015-Present
Recent posts from our privacy and data security blog, Practical Privacy.
- Second Bite at the Apple: Apple’s Account Deletion Requirement Finally Goes into Effect. Is Your Mobile App Compliant?
- Ignore Evolving Security Threats at Your Own Risk: OCR Raises Stakes on Cybersecurity in the Health Care Sector
- 5 Key Takeaways from the EDPB’s Final Guidelines on Examples Regarding Personal Data Breach Notification
- Transfer Tedium: Adapting the New SCCs to Account for Transfers from Switzerland and the UK
- Work in Progress: Substantial Revisions Recommended to the European Commission’s Draft New Standard Contractual Clauses
- Here We Go Again: New Consumer Privacy Law Passed in California Through Ballot Initiative
- Zoom and Gloom: Early CCPA Lawsuits Against Zoom Seek to Expand Private Right of Action
- Nevada’s New Privacy Law: More Bark than Bite
- “Legally Required Impact Assessments: How to Do It Right,” NCBA Privacy and Data Security Section Annual Meeting, October 28, 2021
- “Data Security and Data Breach: Legal Update, Tips & Trends,” Tryon Title Agency Annual CLE, September 19, 2019