Elizabeth is a technology-focused business attorney concentrating on data privacy and cybersecurity, with a rich background encompassing regulatory compliance, cybersecurity risk management, and privacy law. With past roles as both Chief Privacy Officer and General Counsel, she brings a unique blend of in-house insight and legal acumen to her practice.

Elizabeth guides clients through comprehensive privacy and/or cybersecurity compliance programs, technology-driven privacy and cyber risks, and offers pragmatic solutions that align with business objectives. Elizabeth has extensive experience and qualifications to assist businesses in compliance with the recently enacted and pending state consumer data privacy laws, including the Texas Data Privacy and Security Act, which goes into effect on July 1, 2024.

She also focuses on breach prevention, conducting privacy risk assessments, and coordinating breach response teams and her experience extends to developing comprehensive privacy and cybersecurity compliance frameworks tailored to diverse industries, including retail, healthcare, education and government.  

Leveraging her background in employment law as well as in-house and Texas state government experience, Elizabeth addresses privacy issues within organizational contexts. She collaborates closely with executive leadership and stakeholders to provide strategic compliance counseling, facilitate tabletop exercises, and craft policies, procedures, and training programs to enhance employee awareness and adherence to privacy and security requirements. 

Beyond her legal practice, Elizabeth teaches cybersecurity and privacy law at the University of Texas School of Information’s Master’s Program in Information Privacy and Security. She is recognized as a thought leader in the field, frequently presenting and publishing insights on emerging trends in privacy and cybersecurity, and providing invaluable guidance to businesses navigating this evolving landscape.

Representative Experience

• Develops EU and Global Data Compliance Programs based on the GDPR, the Privacy Shield and privacy laws and regulations in regions throughout the world.
• Advises and counsels e-commerce and global storefront retailers, financial institutions and other companies on cybersecurity risks, incidents and policy issues, including proactive cybersecurity readiness, developing and conducting full-scale tabletop exercises for C-suite executives and Board of Directors.
• Advises major healthcare providers and health plans on all aspects of HIPAA security breaches, including OCR and state enforcement.
• Conducts all phases of online and offline privacy assessments and information security policy audits.
• Develops global corporate records management programs, including policies, records retention schedules and training modules.
• Evaluates practices associated with data analytics, “big data,” and the Internet of Things.
• Offers specialized counseling for fiduciaries, including Board Members, Board Committees and Named/Managing Fiduciaries of ERISA Plans and other asset plan managers, concerning their fiduciary obligations to provide adequate cybersecurity controls and best practices for information assets belonging to shareholders and plan participants.
• Evaluates cyber liability insurance needs and negotiation of provisions in cyber liability insurance policies.
• Merger and Acquisition support to assess privacy and security practices of target corporation, portfolio company, or start-up.
• Supports breach litigation and regulatory activities to remediate vulnerabilities in privacy and information security governance programs and/or information security standards. Drafts and negotiates appropriate privacy and cybersecurity clauses in complex technology and other transactions.