New Hire at Polsinelli to Bring International Expertise on Data Privacy

Elizabeth Harding will add to the firm’s understanding of the EU’s GDPR

Polsinelli bolstered its international data privacy practice last week with the addition of an attorney with roots in the UK and experience in European privacy and technology matters.


The firm announced last week that Liz Harding is joining the technology transactions and data privacy practice as a shareholder. She is making this lateral move from Holland & Hart’s Boulder office.

Harding is certified to practice law in both Colorado and the U.K. and brings more than 20 years of experience in European Union privacy and technology matters, with particular expertise in navigating the U.K.’s Privacy and Electronic Communications Regulations and the more recent EU General Data Protection Regulation GDPR rules that went in effect in May. Her day to day work involves counseling U.S. businesses and organization on their E.U. privacy obligations.  

The European Union currently has some of the strongest privacy rules in the world, which have a tremendous impact on companies of all sizes that conduct business and manage data of EU citizens,” said Greg Kratofil, Jr., a shareholder and chair of the technology transactions and data privacy practice at Polsinelli. “Liz is a powerhouse because of her dual licensure and substantial knowledge of both EU and U.S. data privacy and security requirements.” 

Her work in counseling clients on privacy issues can get fairly complicated fairly quickly and it is hard to create a standardized approach. She says that her best practice is to look at things through a risk-based approach, as most companies can’t afford the legal costs that would incur by ensuring the company is 100-percent compliant in all markets. So instead of making a custom system for a client, Harding looks at the “most conservative privacy regime” the client will encounter and determines where the company’s policies have gaps that need to be filled in. While countries like Russia or China have more unique rules than others, Harding’s real goal is, “trying to establish some sort of baseline for them and then working out what’s the risk of adopting the program where it is as opposed to adopting a program with enhancements.”

The language in privacy laws themselves is also what makes things complex for attorneys focusing on data privacy. The way they are written does not lead to easy comprehension or compliance. This leaves companies trying hard to interpret the laws themselves and determine where they need to change their policies to avoid any consequences. 

As Harding’s primary expertise is in European privacy law, she has a more objective perspective on American privacy laws. The main difference between the two fields of data privacy that she sees is that American laws focus on what happens once a breach happens, and not as much under the concept of actual privacy. She described it as “the protection of people’s data from misuse as opposed to unauthorized access.” As an example she mentioned how Cambridge Analytica was not unauthorized access, but was a misuse of data. Harding had stated earlier in the interview that her work in advising clients could include how they can commercialize data, particularly for marketing purposes, without breaking laws.

Continuing on to the subject of differences of laws on either side of the Atlantic, Harding said that the U.S. is developing laws that are more on the side of basic privacy, but also that the country is and has been more sophisticated than Europe when it comes to breach response laws. 

With the recent change in breach responses under the EU’s General Data Protection Regulation, she said people were worried, but that comparable laws had been in America for much longer. 

With the widespread nature of data privacy laws in America state by state, Harding feels there is a push towards a national version, claiming that the tech giants in the country are supporting such a law.

It is Harding’s new practice group that earned the firm a ranking in BTI Consulting Group’s list of Cybersecurity Leaders in 2017. Polsinelli was also recognized by BTI in their 2018 Client Service A Team Report, the 2018 Brand Elite list and the 2017 Industry Power Rankings.

“I was attracted to Polsinelli because of its national footprint but also the investments they’re making in this group and in this area,” Harding said.

Harding went to school in the U.K. and started out working on intellectual property licensing work, focusing on technology IPs. She thinks that this introduction to working in the legal field really shaped her path and brought her to where she is now, though if you had asked her that early on, she wouldn’t have been able to predict where she would go or do in the legal field. 

— Connor Craven

Previous articleA Conversation With Summit Materials’ Corporate Counsel
Next articleDiversity in Hiring: One Big Gray Area

LEAVE A REPLY

Please enter your comment!
Please enter your name here