Health Care - Counsels clients on compliance with health privacy laws, including HIPAA, the HITECH Act, the Privacy Rule, the Security Rule, the Breach Notification Rule, and various state laws governing the use and disclosure of health data.
Financial Services - Counsels clients on compliance with the Gramm-Leach-Bliley Act and underlying Privacy and Safeguards Rules, the Fair Credit Reporting Act and underlying Affiliate Marketing Rule and FTC Disposal Rule, and various state laws governing the use and disclosure of consumer financial information.
Workplace Privacy - Assists employers in addressing workplace privacy, such as compliant monitoring of employee Internet and email usage, provision of appropriate privacy notices, implementing a HIPAA-compliant group health plan, and appropriate employee training on privacy and information security considerations.
Online Privacy - Counsels clients regarding online operations, including preparation of website privacy notices, compliance with the Children’s Online Privacy Protection Act and the California Online Privacy Protection Act, the use of social networking tools or behavioral advertising to promote the business, and other web-related compliance obligations.
Marketing - We assist our clients to help ensure their direct marketing does not run afoul of the disparate federal regulations pertaining to direct marketing, including email marketing and mobile marketing via SMS or Mobile Service Commercial Message.
Records Management - Designs and assists in implementation of comprehensive records management programs including preparation of policies, procedures and records retention schedules.
International - Develops global compliance programs for clients, including legalizing data flows from the European Union using model clauses, relying on data subjects’ consent or by certifying compliance with the U.S. Department of Commerce's Safe Harbor program. Assists clients in all aspects of implementing Safe Harbor compliance.
Recent Speaking Engagements
4/23/15 Here Come the Other Feds: FTC Enforcement in Privacy and Data Security, NC Bar Association, Health Law Section Annual Meeting
4/16/15 Triangle Business Journal's Cyber Security Symposium - panel member
3/9/15 Cyber Security: U.S. Legal Update, British American Business Council
2/5/15 Data Breach Response, NC League of Municipalities Annual Managers Meeting
2/2015 Emerging Privacy and Security Risks in Ecommerce, ROI
1/30/15 The Role of In-House Counsel Before, During and After a Data Breach, NC Bar Association, Corporate Counsel Annual Meeting
1/24/15 Parade of Horribles: Update on 2014 Privacy and Data Security Enforcement, Carolina Privacy Officials Network
1/23/15 HIPAA Bingo: Everyone’s a Loser, Carolina Privacy Officials’ Network Annual Meeting
Fall 2014 (Various dates), Security Breach Response Overview: Legal Requirements and Response Tips, North Carolina League of Municipalities
8/5/14 Security Compliance and Strategy: Key Issues to Survive Agency Audits, North Carolina Healthcare Facilities Association
11/21/13 Hispanic National Bar Association Corporate Counsel Section, Privacy Law Update
10/18/13 Campbell Law Review Annual Symposium, Keynote
10/14/13 North Carolina League of Municipalities, Breach Notification and Information Security Legal Requirements
10/9/13 North Carolina Assisted Living Association, The Final Omnibus HIPAA/HITECH Rules: What They Mean for You
8/2/13 RTP CFO Forum, Hackers and Spammers and Malware, Oh My! Pulling Back the Curtain on Cyber Security and Breach
7/11/13 Hughes Pittman Gupton Annual Client Seminar, Privacy and Information Security: An Update on Legal Risks and Requirements
5/23/13 North Carolina Medical Society, New HIPAA/HITECH Rules: Strategy and Risk Mitigation (Part II)
3/26/13 and 4/5/13 Association of Home and Hospice Care, The Final Omnibus HIPAA/HITECH Rules: What They Mean for You
3/7/13 International Association of Privacy Professionals, Privacy Summit, The Art of BYOD Implementation: A Case Study at the World’s Largest Employer
2/8/13 UNC Festival of Legal Learning, Breach Notification and Security Legal Requirements
1/21/13 Carolina Privacy Officials Network, Blink and You Missed It: Recap of 20 Major Privacy Events from Last 60 Days
10/28/12 Consero, Corporate Compliance and Ethics Forum, Privacy and Data Security Panel
9/27/12 Hughes Pittman Gupton/Poyner Spruill Client Event, Cybersecurity Panel
8/23/12 Peak 10 Forum, Cloud Computing Compliance Panel
5/10/12 North Carolina Bankers Association, Security Summit, Emerging Legal Requirements in Information Security
5/9/12 North Carolina Medical Society, New HIPAA/HITECH Rules: Compliance and Implementation (Part I)
4/26/12 MD HIMSS Spring Conference: Emerging Legal Risks in Social Media for Health Care Providers
4/13/12 NCTA's State of Technology: Big Data – Privacy and Security
4/13/12 NCHIMA Spring Meeting: Emerging Legal Risks in Social Media for Health Care Providers
4/9/12 NCHCFA “All Things Audit” Conference: OCR HIPAA Audits: What to Expect and How to Prepare
4/6/12 RTP CFO Forum: Emerging Privacy and Data Protection Requirements and Risks
3/21/12 VACO Event: Managing Social Media in the Workplace
1/28/12 CPON Data Privacy Day Symposium: Proposed Revisions to EU Data Protection Directive
12/7/11 Cherry, Bekaert & Holland, Critical Times & Critical Issues: Solutions to Financial & Operational Challenges, Emerging Privacy and Security Risks
11/30/11 Twin Cities Privacy Network, Minnesota Health Privacy Summit, Social Media and Mobile Devices in Health Care
11/2/11 The Advisory Group, Key Steps to Help Avoid a Major Privacy or Security Headache
10/11/11 UNC-C Annual Cybersecurity Symposium, The Good, the Bad, and the Really, Really Ugly: in Federal Legislative Proposals and Government Initiatives
9/26/11 NCHICA Annual Meeting, Identification and Management of Emerging Legal Risks in Social Media
9/07/11 ISACA RTC Emerging Risks and Requirements in Information Privacy and Security
6/23/11 NCTA Emerging Technologies & Trends Series "Connecting Your Workforce Through Mobile Apps", Panel Moderator
4/21/11 Peak 10 Presentation, Security Risk and Compliance in the Cloud
4/13/11 East Coast Game Conference, Ten Steps to Avoid a Major Privacy or Security Breach
3/18/11 State Capital Law Group Annual Meeting, Navigating Social Media on the Internet: Legal, Practical and Ethical Issues Involved When Deploying Online Resources in Your Legal Practice
2/25/11 Twin Cities Privacy Retreat, "Risk of Harm" Considerations in Data-Breach Notification
2/11/11 UNC Festival of Legal Learning, Privacy and Information Security for Legal Service Providers
1/28/11 CPON: Data Privacy Day Symposium, Emerging Risk and Compliance as the Practice of Law Gets Social (Online)
1/25/11 Intellectual Exchange Group, CIO Roundtable on HIPAA Compliance, Panel Moderator
1/12/11, Triangle Interactive Marketing Association Lunch and Learn, Ten Steps to Help Avoid a Major Privacy or Security Headache
11/18/10, 12/1/10, and 12/9/10 Advising the Business Owner Seminar, Emerging Privacy and Security Risks
11/17/10 Internet Summit 10, Ten Steps to Avoid a Major Privacy or Security Breach
11/02/10 11th Annual Cyber Security Symposium, UNC Charlotte, Legally-Defensible Security: What New Laws and Emerging Risks Mean for Your Information Security Program
2008-2012 Guest Lecturer, Privacy Law Seminar, University of North Carolina School of Law
10/19/2010 Association for Home and Hospice Care Annual Leadership Conference: It's Not a Day at the Beach - HITECH: What Agencies Need to Know
10/05/10 Nova E-Discovery Panel: Practical Guide to Corporate e-Discovery
09/15/10 NCHICA Annual Meeting: HITECH Act Breach Notification - Preparing Effectively for Tomorrow's Security Breach by Mitigating Today's Risks
08/18/10 NCTA Emerging Tech and Trends Panel - Cybersecurity
01/21/10 Data Privacy Day: CPON Symposium - So Much for F2F: Privacy Compliance & Risk as Businesses Go Virtual
Prior to joining Poyner Spruill in 2009, Elizabeth was an Associate with Hunton & Williams LLP. From 2003 - 2004 she was a Judicial Law Clerk for the Honorable William L. Osteen, U.S. District Court, Middle District of North Carolina.