Holly Benton practices data use, privacy and cybersecurity law and provides strategic advice to clients to on information lifecycle management and the ever evolving state, federal and global information privacy landscape. Holly’s focus is on assisting clients with identifying their unique profile of privacy and data protection risks, implementing and managing risk-based privacy programs to address those risks, and facilitating compliance with applicable privacy and data protection laws. She regularly serves as a subject matter leader for mergers and acquisitions and on contractual matters involving cross-border data flows and counsels companies and non-profit organizations on CCPA, GDPR, HIPAA, FERPA, state breach notification laws and emerging state, federal and global laws, including developing and advising on related policies and procedures and drafting related contracts and agreements.
Holly presents at industry conferences and is certified as an Information Privacy Professional/United States (CIPP/US) and in Health Care Privacy Compliance (CHPC®).
Prior to joining Smith Anderson’s Data Use, Privacy and Security group, Holly held multiple information privacy roles, including Privacy Officer, at two tier one research universities. Instrumental in developing collaborative approaches to addressing compliance requirements, she led privacy risk initiatives to identify and assess institutional information asset risk management gaps to inform safeguarding efforts and support institutional data governance, and she played a key role in facilitating compliance with federal, state and global privacy regulations and developing and advising on related policies and procedures and training. Holly understands firsthand the complexities and challenges organizations face both in identifying their unique privacy and data protection risk profile and in addressing their related compliance obligations and partners with clients to navigate these challenges and manage to the continually evolving privacy and data protection compliance landscape.
*NOT ADMITTED TO PRACTICE IN NORTH CAROLINA
Professional & Community Affiliations
Health Care Compliance Association
- Certified in Health Care Privacy Compliance (CHPC)
International Association of Privacy Professionals
- Certified Information Privacy Professional/United States (CIPP/US)
Honors & Awards
- Rising Star, Washington Journal of Law & Politics (2002-2003)
- Advised a contract research organization on privacy and data protection related matters in a definitive agreement to acquire a specialized contract research organization for the biotechnology industry.
Advised a global contract research organization and drug development services company in a definitive agreement to acquire a provider of decentralized and traditional clinical trial-related services.
Advised a global contract research organization and drug development services company in a definitive agreement to acquire a provider of mobile-connected self-service platform solutions for decentralized clinical trials.
News & Publications
- Presenter, "The Office of the Chief Privacy Officer: Leading Practices from Research Universities," SCCE Higher Education Compliance Conference, Orlando, Fla.06.12.2019
- Co-Presenter, "Gray Efficiencies or More Risk? Changes in the Common Rule Pose Increased Privacy & Data Security Risks," NCHICA AMC Privacy & Security Conference, Durham, N.C.06.04.2019
- Co-Presenter, "Traps, Tricks & Trepidation in HIPAA & Hybrid Designations at Universities and AMCs," NCHICA AMC Privacy & Security Conference, Chapel Hill, N.C.06.11.2018
- Presenter, "Humans v. Machines: Embracing the Old or Exploring New Frontiers?" NCHICA AMC Privacy & Security Conference, Chapel Hill, N.C.06.11.2018
- Co-Presenter, "Privacy Boot Camp: A Pragmatic Approach to Surviving the Regulatory Wilderness," SCCE Higher Education Compliance Conference, Austin, Texas06.03.2018
- Co-Presenter, "Want to Participate in Research? There’s an App for That!" NCHICA AMC Privacy & Security Conference, Chapel Hill, N.C.06.12.2017
- Co-Presenter, "Where’s the Data? Risks of Data Location, Storage and Protecting Sensitive PHI," HCCA Research Compliance Conference, Baltimore, Md.06.05.2017
- Presenter, "Sensitive Data Breach: Not if but When," SCCE Higher Education Compliance Conference, Baltimore, Md.06.05.2017