Kelly M. Garrison Associate




Kelly Garrison assists clients across all industries with breach response services following cybercrime incidents and data privacy crises. She advises organizations as to their legal rights and obligations under state, federal and international privacy laws and regulations, as well as industry-specific obligations that may exist following a data incident and the potential exposure of personally identifiable information (PII) and protected health information (PHI). 

As a "breach coach,” Kelly further counsels clients in responding to federal and state government investigations and third-party claims that arise following cybersecurity and data privacy incidents. Additionally, she is experienced in advising insurers as to obligations under their policies and endorsements with respect to coverage following cybersecurity and data privacy incidents. 

Kelly joined Wilson Elser in 2014 as a paralegal and continued her employment with the firm throughout her pursuit of a law degree. During that time, Kelly provided support on a variety of civil defense matters and general counsel support to a nationwide sports organization. She prepared her team for and attended countless arbitrations and mediations and has provided trial support in the Federal District Court of Colorado where her team won a defense verdict after a two-week intellectual property trial involving more than 500 exhibits. With her broad background, Kelly is able to appreciate and understand her clients’ needs and draw on her comprehensive knowledge to timely resolve matters and achieve positive results. 

During law school, Kelly interned with Equal Justice America in its Disability Rights Clinic, where she assisted elderly clients in lifetime and estate planning and clients with disabilities and their families in navigating guardianships, establishing and maintaining special needs trusts and other advocacy needs. Kelly was a finalist at the International Baseball Arbitration Competition held at Tulane University.

Areas of Focus

Cybersecurity & Data Privacy
Kelly provides around the clock support to contain and address her clients’ concerns following cybersecurity and data privacy incidents, including ransomware events, business email compromises, inadvertent disclosures, unauthorized access to their environments and employee bad actors. She quickly deploys a team of third-party incident response vendors comprising forensic investigators, cyber-extortion negotiators and restoration vendors to secure her clients’ environment and restore operations quickly and cost-effectively. In the early stages of an incident, Kelly counsels her clients on the complexities of negotiating and paying ransom demands to cybercriminals as well as crisis communications to their internal and external communities and media. 

Kelly guides her clients each step of the way through the forensic investigation of their environment and helps them identify and satisfy any legal notification obligations that may exist under various state, federal and international laws and regulations. These may include state data breach notification laws and the Health Insurance Portability and Accountability Act (HIPAA), Family Educational Rights and Privacy Act (FERPA), Gramm-Leach-Bliley Act (GLBA), the EU’s General Data Protection Regulation (GDPR), and Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA). Additionally, Kelly assists her clients in communicating with law enforcement and the IRS and addressing state and federal regulatory investigations that may arise following a data incident. Kelly further advises clients as to physical and technical safeguards designed to comply with legal obligations and prevent future events.