Haylie D. Treas
(She/Her/Hers)
Senior Counsel
Haylie D. Treas
+1.713.217.2875
Overview
Haylie D. Treas is an attorney in Holland & Knight's Houston office and a member of the Data Strategy, Security & Privacy Team. Ms. Treas is recognized for her ability to advise clients regarding the evolving regulatory environment surrounding the use and sharing of data, particularly in relation to cookies and similar technologies, and defending clients in litigation related to the use of cookies and other tracking technologies. She takes a practical approach to counseling clients in managing risk and navigating the complex legal landscape of data protection and information security, including in the areas of compliance and data strategy, incident response, technology transactions, and litigation and regulatory investigations. Ms. Treas also draws from her experience as a litigator to inform her approach to identifying and mitigating legal risks for clients.
Representative Experience
- Develops and updates privacy programs for clients across numerous industries (including FinTech, staff augmentation, hospitality, insurance and direct-to-consumer products) in relation to U.S. state and federal privacy laws, including the California Consumer Privacy Act (CCPA), Texas Data Privacy and Security Act (TDPSA) and Gramm-Leach-Bliley Act, as well as other foreign privacy regimes (including the European Union's General Data Protection Regulation (GDPR)), which involves drafting and revising privacy policies, cookie policies, and data retention and data classification policies
- Advises clients on implementing cybersecurity best practices and information security programs, including drafting and updating policies and procedures covering security (technical, physical and administrative safeguards), service providers, training and data retention, backups, and data access and use limitations
- Facilitates tabletop exercises to test incident response programs and assist with developing after action reports and areas of improvement
- Engages with clients' internal information technology teams to update incident response plans, including in relation to requirements of applicable laws and regulations that vary by industry, and after-action reports from tabletop exercises
- Guides clients in their data collection and disclosure practices through the use of cookies and similar technologies, including advising on compliance obligations and risks under U.S. and foreign laws and implementing cookie management tools
- Oversees and coordinates incident response for various types of data incidents (such as ransomware, data exfiltration, business email compromise, etc.), including engaging and overseeing forensic teams and ransom negotiators, advising on legal considerations, as well as preparing notices to individuals, regulators and others as needed
- Manages fraudulent payment incidents for clients of all sizes, including reporting to law enforcement and/or banking institutions, negotiating with affected customers (accounts receivable) or vendors (accounts payable) to resolve the incident and updating client contracts to incorporate terms relating to wire transfers
- Responds to inquiries from regulators in relation to data incidents
- Advises on numerous diligence projects in merger and acquisitions (M&A) deals across diverse industries in relation to data security and privacy, compliance and information technology
- Manages comprehensive data protection agreement negotiation projects for various clients in retail, hospitality and travel services in relation to vendors that maintain, or have access to, personal information or proprietary/confidential company information
- Drafts and revises website terms of use for clients in various industries (including online marketplaces, telehealth platforms and retail)
- Defends a client relating to allegations from consumers and regulators about the use and sharing of data through tracking technologies on websites
- Defends a client in a multimillion-dollar lawsuit relating to claims involving a product's lack of security and product liability
- Defends a client in relation to a vendor data breach
Credentials
Education
- University of Oklahoma College of Law, J.D.
- Louisiana College, B.A., magna cum laude
Bar Admissions/Licenses
- Oklahoma
- Texas
Court Admissions
- U.S. District Court for the Eastern District of Oklahoma
- U.S. District Court for the Northern District of Oklahoma
- U.S. District Court for the Western District of Oklahoma
- U.S. District Court for the Southern District of Texas
Certifications
- International Association of Privacy Professionals (IAPP) Certified Information Privacy Professional/United States (CIPP/US)
- OneTrust Certified Privacy Management Professional
Memberships
- Houston Bar Association, Technology Law Section, Treasurer, 2025-Present
- Texas Bar Foundation, Fellow, 2020-Present
