Overview
Elizabeth K. "Bess" Hinson is a privacy and cybersecurity attorney in Holland & Knight's Atlanta office. Ms. Hinson focuses her practice on cyber and data risk management and governance, breach preparedness and response, crisis management and global data privacy compliance.
Ms. Hinson represents clients at all stages of incident response from investigation, notification, remediation, managing privacy class action risks, and defense of litigation and regulatory inquiry. She regularly counsels clients on cross-border data flows and navigating conflicts between foreign privacy laws and U.S. compliance obligations.
In addition, Ms. Hinson oversees and coordinates European Union (EU) General Data Protection Regulation (GDPR) and California Consumer Privacy Act (CCPA) compliance assessment and implementation programs for clients. She advises clients in various industries on privacy matters, including information governance and data management, online advertising and internal compliance policies as well as consumer policies, including website and mobile application policies, vendor management, blockchain, and privacy and security-related compliance strategies and programs. She also guides clients on risks and potential liabilities associated with privacy and data security practices in mergers and acquisitions (M&A) and technology transactions.
Ms. Hinson previously served as a law clerk to the Honorable Eugene E. Siler Jr. on the U.S. Court of Appeals for the Sixth Circuit. During law school, Ms. Hinson served as the executive articles editor of the Michigan Journal of Race & Law. She also was a student attorney at the Human Trafficking Clinic.
Representative Experience
- Coached a casino and hotel resort on ransomware attack, including advising on cyber forensic investigation, threat actor negotiations, data mining and e-discovery, consumer and regulatory notifications, and cyber liability insurance claim
- Advised a financial services company regarding data security incident and response strategy concerning third-party vendor data breach
- Coached an employee benefits company in response to ransomware attack, including advising on cyber forensic investigation, threat actor negotiations and e-discovery process for purpose of satisfying customer contractual notification obligations
- Advised multiple clients through all stages of data breach incidents resulting from W-2 phishing scams, including developing tailored guidance for affected employee populations
- Counseled a manufacturer regarding cross-border data transfers, social networking matters and email marketing campaigns
- Defended a large retailer in consumer data breach multidistrict litigation, including claims under state data breach notification laws, the Stored Communications Act and consumer protection statutes
- Advised a global hotel management company on the development and implementation of General Data Protection Regulation (GDPR) and California Consumer Privacy Act (CCPA) compliance program
- Coached a global software as a service (SaaS) web content management and optimization solution through Office 365 data breach forensic investigation and compliance with Canadian, European and U.S. reporting requirements
- Counseled multiple clients on the development of global privacy policies and terms of service for e-commerce websites and mobile applications, including drafting the policies and related agreements
- Counseled an internet-based delivery service regarding data monetization strategy
- Advised a toy manufacturer on Children's Online Privacy Protection Act (COPPA) requirements related to producing children's content on streaming channels
- Represented a lodging real estate investment trust (REIT) in data breach liability assessment
- Counseled a restaurant franchise regarding response to breach of system, employee theft of confidential information and post-breach litigation
- Represented an international auto manufacturer in the review and revision of vendor and certain data sharing agreements
- Advised an international auto manufacturer regarding privacy and data security employee training, including drafting various training documents
- Performed privacy and security due diligence for the acquisition of a technology company
- Counseled a national construction company through all stages of a data breach incident, including incident analysis and breach containment, notification in compliance with all regulatory requirements, loss mitigation and remediation
- Counseled an international software company regarding cross-border data transfers
Credentials
- University of Michigan Law School, J.D.
- Oxford University, M.St., English and American Studies
- Yale College, B.A., English
- Georgia
- Michigan
- South Carolina
- U.S. Court of Appeals for the Sixth Circuit
- U.S. District Court for the Northern District of Georgia
- U.S. District Court for the Eastern District of Michigan
- U.S. District Court for the Western District of Michigan
- Technology Association of Georgia (TAG), Corporate Development Society Board of Directors, 2021-2022
- The Atlanta Women's Foundation, Board Member, 2021-Present
- Yale Club of Georgia, Secretary, 2019-Present
- The American Lawyer, Young Lawyer Editorial Board, 2018-Present
- Georgia Chamber of Commerce, Innovation and Technology Committee, 2018-Present; Cyber Security Working Group, 2018-Present
- Atlanta Bar Association, 2017-Present
- Atlanta Women in Cybersecurity Roundtable, Founder, 2017-Present
- Young Women Leaders Forum (YWLF) of Atlanta, 2017-Present
- Yale Alumni Schools Committee, 2013-Present
- The Best Lawyers in America guide, Privacy and Data Security Law, 2023, 2024
- The Legal 500 USA, Media, Technology and Telecoms – Cyber Law (Including Data Privacy and Data Protection), 2023
- On the Rise Award, Georgia Legal Awards, 2020
- Georgia Trailblazers, Daily Report, 2019
- 50 on Fire, Cybersecurity, Atlanta Inno, 2019
- The Nakanishi Prize for Exemplary Leadership in Enhancing Race and Ethnic Relations, Yale College, 2006
