Holly advises clients on a broad range of complex privacy, cybersecurity and data protection matters, including monitoring and assessing new and emerging requirements across the globe.

As a member of the firm’s top-ranked privacy and cybersecurity practice, Holly assists clients in identifying, evaluating and managing global privacy and information security risks and compliance issues. Holly works with clients to address privacy and data protection issues and manage data breaches and cybersecurity incidents.

Prior to joining the firm, Holly managed the data privacy program at a Fortune 500 company, where she advised on data privacy compliance and risk management for the company’s US and international operations. In this role, Holly was in charge of privacy program design, policy development, training and awareness, and risk assessments. Holly also advised the company’s chief information security officer on matters relating to cybersecurity and technology, including cybersecurity governance and incident response.

Holly also has extensive experience negotiating and documenting information technology and business process outsourcing transactions, as well as handling general commercial contracting matters. She frequently speaks before industry groups, legal organizations and educational institutions at conferences, seminars and other events. She also is adjunct professor of cybersecurity law at William & Mary School of Law, where she enjoys teaching the next generation of cybersecurity lawyers.

Relevant Experience

  • Advises on the development of comprehensive privacy compliance programs, including drafting online and offline privacy policies, procedures and notices.
  • Advises on cybersecurity risks, incidents and policy issues, including addressing cybersecurity preparedness issues.
  • Assists clients with complying with privacy and information security requirements, including under the California Consumer Privacy Act of 2018, HIPAA, state and federal security breach notification laws, the Payment Card Industry Data Security Standard, and other federal and state requirements.
  • Assists clients in developing vendor management programs, including evaluating and negotiating privacy and data security provisions and indemnities contained in vendor agreements.
  • Assists with the negotiation and documentation of commercial contracts, including software licensing, direct materials agreements, procurement agreements, and purchase, supply chain and logistics agreements.


  • Leadership Council, Sedona Conferences Working Group 11 on Data Security and Privacy
  • Member, International Information System Security Certification Consortium (ISC)2
  • Member, International Association of Privacy Professionals
  • Member, Virginia Bar Association

Awards & Recognition

  • Certified Information Systems Security Professional (CISSP); Certified Information Privacy Professional – Europe (CIPP/E); Certified Information Privacy Professional/Management (CIPM); Certified Information Privacy Technologist (CIPT)
  • Recipient, Gambrell Professionalism Award, 2009