Ashley L. Thomas

Ashley L. Thomas is a privacy and cybersecurity attorney in Holland & Knight's Washington, D.C., office. Ms. Thomas focuses her practice on cyber and data risk management and governance, breach preparedness and response, crisis management and global data privacy compliance. She regularly counsels clients on cross-border data flows and navigating conflicts between foreign privacy laws and U.S. compliance obligations.

Ms. Thomas advises clients on all aspects of compliance with federal, state and international data privacy and security laws, such as the European Union (EU) General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), Virginia Consumer Data Protection Act (VCDPA), Health Insurance Portability and Accountability Act of 1996 (HIPAA), Children's Online Privacy Protection Act (COPPA) and Family Educational Rights and Privacy Act (FERPA). She advises clients in various industries on privacy matters, including information governance and data management, online advertising and internal compliance policies as well as consumer policies, including website and mobile application policies, vendor management, blockchain and privacy and security-related compliance strategies and programs. She also guides clients on risks and potential liabilities associated with privacy and data security practices in mergers and acquisitions (M&A) and technology transactions.

Ms. Thomas prepares, updates and advises clients on their privacy, data security and incident response policies and procedures, as well as third-party vendor agreements. She regularly counsels clients following data and cybersecurity incidents, including subsequent internal investigations, state and federal notification obligations and associated regulatory and litigation risks. Ms. Thomas is a Certified Information Privacy Professional (CIPP/US and CIPP/E) through the International Association of Privacy Professionals (IAPP).In addition, Ms. Thomas represents clients in the healthcare industry. She advises public health systems, medical device manufacturers and technology companies on data breaches and breach notification risk assessments, as well as on an array of regulatory compliance, licensure and operational matters.

Prior to joining Holland & Knight, Ms. Thomas was an attorney at multiple Am Law 100 firms, where she advised clients on all aspects of data privacy and security.

During law school, Ms. Thomas was a law clerk with the U.S. Attorney's Office in Nashville, Tennessee, as well as a law clerk with the Cook County (Illinois) State Attorney. She also completed judicial internships with the U.S. Bankruptcy Court for the Middle District of Florida and for the Honorable John Bryant of the U.S. District Court for the Middle District of Tennessee.