Smith Anderson has announced that Holly Benton, former Associate Director for Privacy Risk in Duke University’s Office of Audit, Risk and Compliance, has joined the firm’s Data Use, Privacy and Security practice team as Counsel. Holly’s addition expands the team’s bench strength in an area of law that impacts all businesses and industries, and which is not only the fastest growing segment in law, but is already the largest market segment in law, according to BTI Practice Outlook 2020 analysis.
The firm’s Data Use, Privacy and Security team helps clients to identify their risks and to design, implement and manage regulatory compliance programs for their business. Team members’ previous backgrounds including Chief Privacy Officer and Chief Information Security Officer roles merges privacy law, cybersecurity, regulatory compliance, technology law and licensing, commercial contracting and dispute management, yielding Smith Anderson the ability to advise businesses on all aspects of data management and commercialization.
During Holly’s time at Duke, she led a new privacy risk initiative to identify and assess information asset risk management gaps and provided assurance on matters related to safeguarding Duke’s sensitive information assets. She played a key role in facilitating compliance with federal, state and global privacy regulations (including the GDPR, HIPAA, FERPA and CCPA) and helped develop and advise on related policies and procedures. Prior to her role at Duke, Holly served as Assistant Chief Privacy Officer and Interim Chief Privacy Officer for the University of North Carolina at Chapel Hill’s Information Technology Services department.
Holly is certified as an Information Privacy Professional/United States (CIPP/US) and in Health Care Privacy Compliance (CHPC) and is a sought-after presenter at industry conferences.
“We are thrilled Holly has chosen to bring her years of data privacy and security experience to Smith Anderson,” said privacy and security practice leader Joe Dickinson. “Holly’s leadership and proven ability to provide practical advice to clients on complex privacy laws and regulations within an ever-evolving global, federal and state legal landscape will be instrumental in supporting our clients in their efforts to achieve business objectives while managing privacy and cybersecurity obligations.”
Additionally, attorneys within the practice assist in preparing policies and procedures, privacy due diligence, risk management, preparing for and responding to data incidents and breaches, cybersecurity investigations, privacy and data security disputes, and corporate transactions that involve data access and transfers.