8:25 Registration and Continental Breakfast
8:55 Welcome and Introductions
Steve Snyder, Bradley Arant Boult Cummings LLP, Charlotte, 2021-2022 Section Chair, presiding
9:00 Updates in Privacy Law ‡
Matthew A. Cordell, VF Corporation, Greensboro Elizabeth H. Johnson, Wyrick Robbins Yates & Ponton LLP, Raleigh
This session covers recent and pending updates to data privacy law both internationally and in the United States, with a focus on the practical implications of those changes and tips for preparing your clients.
10:10 Ethics in Privacy and Data Security *‡
Jay Exum, Asurion, Raleigh Lynn C. Percival IV, Wyrick Robbins Yates & Ponton LLP, Raleigh
Implementing security measures, avoiding phishing, preserving attorney-client privilege in a data breach—there are a multitude of ethical issues for lawyers relating to privacy and data security. This session helps attendees navigate them.
11:20 AI in the USA ‡
Roy Iversen, Fortalice Solutions LLC, Washington D.C. Karin M. McGinnis, Moore & Van Allen PLLC, Charlotte
Artificial intelligence (AI) is everywhere but is largely unregulated in the U.S. During this presentation, review FTC guidance and decisions on AI and discuss new state law requirements. With insight from a technical expert, attendees also gain a better understanding of what AI is and why it has lawmakers concerned.
12:20 Lunch Break
1:05 Avoiding a SolarWinds in Your Business ‡
Tom MacKenzie, TCDI, Greensboro Peter N. McClelland, Ward and Smith PA, Raleigh
Take a look at the SolarWinds breach and its implications for corporate technology procurement policies, cyber supply chain risk management and due diligence. The session also covers best practices for vendor management, audits and related security frameworks.
2:15 Legally Required Impact Assessments: How to Do It Right ‡
Clara Cottrell, BASF Corporation, Raleigh Molly F. Martinson, Wyrick Robbins Yates & Ponton LLP, Raleigh Shannon B. Ralich, Zendesk, Raleigh
Review the recent requirements of GDPR and various U.S. state laws for businesses to conduct privacy and transfer impact assessments. The speakers also outline the legal requirements and provide practical insights on how businesses are approaching those requirements.
3:25 Mock Data Breach ‡
Alicia Bowers, Atrium Health, Charlotte Tara N. Cho, Womble Bond Dickinson (U.S.) LLP, Raleigh Hayden McKaskle, Palo Alto Networks, Nashville, TN
Cyberattacks, like the recent ones against Colonial Pipeline and meat processor JBS, are crippling organizations in nearly every industry sector. During this session, the speakers walk through the response to a ransomware attack of a health care organization and provide practical tips for containing the breach, complying with legal obligations, and minimizing the harm to patients and the organization.
4:25 Adjourn * Indicates portion providing Ethics/Professional Responsibility credit ‡ Indicates portion providing Technology Training credit
This CLE updates attendees on recent developments in privacy legislation, addresses ethical considerations in this era of emerging challenges and technology, dives into AI, and provides practical legal guidance on navigating vendor contracting issues based on lessons learned from SolarWinds.
Alicia Bowers is the Senior Vice President and Enterprise Chief Privacy and Compliance Officer for Atrium Health, an integrated non-profit health system with more than 70,000 teammates, 40 hospitals, and 1,500 care locations.
Alicia attended the University of North Carolina at Chapel Hill, where she received both an undergraduate degree and a Juris Doctor with Honors. After spending six years with Johnston, Allison & Hord focusing on litigation, appellate law, and health care law, Alicia joined Atrium Health in 2005 as in-house counsel.
Alicia has advised on a variety of risk, operational, regulatory, and contractual health care matters, including HIPAA, patient care and risk management issues, EMTALA, and 340B. In 2013, she transitioned to lead the Privacy Program and co-managed the largest breach in healthcare in 2018.
In addition to serving as the Enterprise Chief Privacy Officer, Alicia is also the Enterprise Chief Compliance Officer and leads the Enterprise Risk Management program.
Click here for more information about Alicia.
Tiffany M. Burba
Tiffany M. Burba helps clients negotiate technology contracts and protect their intellectual property rights. She is a leader in North Carolina's intellectual property community, serving on the council of the N.C. Bar Association's Intellectual Property Law Section.
Tiffany has particular experience at the intersection of intellectual property and technology, including drafting and negotiating hundreds of contracts involving cloud software, data sharing, cybersecurity consulting, and other areas. She has also counseled national companies on compliance with international, federal, and state data privacy regulations
Tiffany maintains an active pro bono practice. She has assisted coastal residents with FEMA and disaster relief claims, represented abused and neglected children in Guardian ad Litem appeals, and contributed to the N.C. Pro Bono Resource Center’s driver’s license restoration initiative. She is also accredited by the U.S. Department of Veterans Affairs to assist veterans in their applications for benefits and other matters before the VA.
Tiffany serves on Parker Poe's Security Committee and Pro Bono Committee. Prior to joining the firm, Tiffany was an associate with the finance group of a law firm in Charlotte, in which she represented commercial banks, investment banks, and other financial institutions in a variety of commercial lending transactions.
Tiffany received both her law degree and master's degree in finance from Vanderbilt University, where she was a member of the Vanderbilt Law Review and the Jessup International Law Moot Court Team. She has served as a judicial intern for the Honorable John T. Nixon of the U.S. District Court for the Middle District of Tennessee and as a law clerk in the U.S. Attorney's Office for that district
Click here for more information about Tiffany.
Tara N. Cho
Tara N. Cho chairs Womble Bond Dickinson (US) LLP's Privacy and Cybersecurity Team in Raleigh. Her practice is dedicated to counseling clients on privacy and data security issues across industries such as technology, retail, e-commerce, healthcare, health-tech, and life sciences. She advises clients on matters related to the CCPA, CPRA and other state privacy laws, HIPAA, Gramm-Leach-Bliley Act, TCPA, CAN-SPAM, and other state and federal privacy, cybersecurity and data breach laws in the U.S. She also advises clients on the GDPR (and UK GDPR) and related requirements of European data protection laws.
Tara helps companies establish and assess compliance programs, respond to data breaches and security incidents, conduct risk analyses, negotiate contracts that govern data use and security, respond to regulator requests and investigations, and address new and evolving issues stemming from the development of mobile and web-based applications, cloud computing, machine learning and AI tools, IoT devices, and other technology solutions that rely on personal data.
Tara became certified as a legal specialist in Privacy and Information Security Law by the North Carolina State Bar Board of Legal Specialization in 2018 as part of the inaugural class of specialists in this field. She is also recognized by the IAPP as a certified information privacy professional for the US (CIPP/US) and Europe (CIPP/E).
Click here for more information about Tara.
Matthew A. Cordell
Matthew A. Cordell is the Vice President and General Counsel for Privacy and Technology at VF Corporation.
VF operates under many consumer brands names you might recognize, including Vans, The North Face, Timberland, Dickies, Supreme, and many others. VF is made up of 70,000 employees in dozens of countries around the world.
Matt is the founder and Chair of the Privacy and Data Security Specialization Committee of the NC State Bar. He holds several IAPP certifications: CIPP/US, CIPP/E, CIPP/Canada, and CIPM. He is an IAPP and ABA certified Privacy Law Specialist (PLS), and an IAPP Fellow of Information Privacy (FIP).
Click here for more information about Matthew.
Clara R. Cottrell
Clara R. Cottrell is Assistant General Counsel, Compliance & Privacy for BASF
Corporation in Research Triangle Park, North Carolina. As part of the Legal Compliance group, she
spends her time exploring and implementing data privacy and protection
strategies for the company and in relation to the many digital projects, products,
and initiatives across the varied business industries serviced by BASF. She also acts as US support on global and
regional projects for data privacy and protection issues.
Clara received her B.S. in Biochemistry from North
Carolina State University and went on to earn her J.D. from Wake Forest
University. After law school, Clara
clerked for the Honorable Judge Ben Tennille (retired) in the North Carolina
Business Court. A registered patent
agent, Clara was in private practice at Smith Moore Leatherwood, now Fox
Rothschild, in Greensboro, NC, before joining BASF in July 2013. Clara moved
into her current data privacy role in January 2020. Clara continues to volunteer her time with
Wake Forest University School of Law as a mentor and as a member of the Rose
Council for young alumni. She is also
actively involved in the North Carolina Bar Association with the Corporate
Counsel Section (past Section Chair) and the Privacy and Data Security Section
(Council member) as well as Chairing the NCBA CLE Committee and being a member
of the NCBA Membership Committee. Clara has been named a 40 Under Forty by The
Business Journal, a 2013 Legal Elite Young Guns Best Under 40 and a North
Carolina Super Lawyers Rising Star.
Angela P. Doughty
Angela P. Doughty is a North Carolina State Bar Board Specialist in Trademark Law and a Certified Information Privacy Professional- United States (CIPP/US) who also serves as the firm's Director of Legal Innovation.
Angela oversees several initiatives to optimize and increase the efficiency of the firm's legal services. In addition to adopting and executing practices, such as Legal Lean Sigma, Angela is responsible for moving the firm through the implementation of process improvement, design methodologies, and innovative technology.
In her IP practice, Angela routinely counsels and assists clients with identifying, protecting, enforcing, and managing their U.S. and international IP rights; trademark and service mark selection, clearance, and registration; opposition and cancellation proceedings before the U.S. Patent and Trademark Office; Internet and domain law issues; software development and licensing transactions; and negotiating the acquisition, licensing, and transfer of intellectual property rights.
Angela has extensive experience with strategic planning and management of IP portfolios, including IP audits to assist clients with the identification of intellectual property assets and the related risks and opportunities.
Click here for more information about Angela.
Jay Exum leads Trust Office for Asurion, a global technology service and support company. The Asurion Trust Office manages data and privacy risks for Asurion through its privacy, data governance and audit and compliance arms, and supports Asurion's security and legal teams in driving compliance with privacy and security laws, including the GDPR, CCPA/CPRA, HIPAA and many others.
Prior to taking his current position at Asurion, Jay led privacy programs for three different companies in three different industries, including PRA Health Sciences, SAS Institute, and Toshiba Global Commerce Solutions.
In addition to his work in the private sector, Jay also served nearly 10 years as a prosecutor with the United States Department of Justice in the United States Attorney's Office for the Eastern District of North Carolina.
Jay holds degrees from the University of North Carolina at Chapel Hill in Economics and Psychology and is a graduate of Harvard Law School.
Click here for more information about Jay.
Roy Iversen is Chief Security Architect at Fortalice Solutions, where he assists clients with Offensive and Defensive Security.
Prior to joining Fortalice, Mr. Iversen served under the CISO as Director of Security Operations Division at the U.S. General Services Administration (GSA).
Click here for more information about Roy.
Elizabeth H. Johnson
Elizabeth H. Johnson is a member of Wyrick Robbins' privacy and data protection practice group. She has practiced exclusively in that specialty for 16 years.
Elizabeth is a certified privacy law specialist (NCBA) and a certified information privacy professional (IAPP).
Click here for more information about Elizabeth.
Tom MacKenzie has worked with TCDI since 2005 and serves as Co-Lead of Privacy & Security Compliance. This role oversees data privacy and security compliance efforts and also serves as liaison to clients and prospective clients interested in TCDI's controls and approaches to data privacy and security.
Additionally, Tom provides cybersecurity clients with CISO related services including security assessments, policy and plan development, and employee education on security behavior best practices.
Tom is Black Belt trained in Lean Six Sigma and holds multiple International Association of Privacy Professionals (IAPP) information privacy certifications including CIPP/US, CIPP/E, and CIPM. Tom is also recognized by the IAPP as a Fellow in Information Privacy (FIP).
Additionally, Tom holds the Certified eDiscovery Specialist (CEDS) designation, a rigorous program of study and examination sponsored by the Association of Certified eDiscovery Specialists (ACEDS).
Click here for more information about Tom.
Molly F. Martinson
Molly F. Martinson is a member of Wyrick Robbins' Privacy & Data Security practice group.
Molly advises clients on matters including data breach notification, HIPAA compliance, and state and federal laws that impact collection, storage, use, and protection of personal information such as the Telephone Consumer Protection Act, CAN-SPAM, COPPA, and the Song-Beverly Credit Card Act.
Molly helps clients assess the privacy and data security risks associated with new initiatives, assists clients with the identification and implementation of risk-mitigating controls, and administers privacy and data security investigations and assessments. She also regularly prepares and revises privacy notices and contracts to account for the requirements of the EU General Data Protection Regulation (GDPR).
Molly received her B.A.,
cum laude from Wake Forest University and her J.D. with honors from UNC School of Law. During law school, Molly was an Articles Editor for the North Carolina Law Review, as well as a Dean's Fellow and an Honors Writing Scholar. She also received the Gressman-Pollitt Award for Excellence in Oral Advocacy.
Molly served as a law clerk to the Honorable Robert N. Hunter, Jr. on the Supreme Court of North Carolina and the North Carolina Court of Appeals before entering private practice.
Click here for more information about Molly.
Peter N. McClelland
Peter N. McClelland is an attorney and a Certified Information Privacy Professional/US (CIPP/US) who assists clients in a range of privacy, data security, cyber supply chain and technology matters.
Peter regularly counsels on the legal requirements and risks associated with the collection, storage, transfer, use, protection, and disposal of data. Businesses and individuals rely on his privacy and data security expertise for structuring and operationalizing privacy compliance programs, data breach response and planning, contract and vendor management, and licensing and technology transactions.
Peter's practice encompasses counsel on a wide variety of state, federal, and international regulations such as Health Insurance Portability Accountability Act (HIPAA), Health Information Technology for Economic and Clinical Health (HITECH), Gramm-Leach-Bliley Act, the Fair Credit Reporting Act (FCRA), CAN-SPAM, Children's Online Privacy Protection Rule (COPPA), General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), California Privacy Rights Act (CPRA), and international data transfer mechanisms.
Prior to joining Ward and Smith, Peter worked as an in-house attorney for a North Carolina technology cybersecurity startup, where he managed all in-house legal affairs for strategic cyber risk management and data analytics. He also represented the company on a U.S. Department of Homeland Security's Cyber Supply Chain Risk Management Task Force.
Peter also served as a resident-in-practice for the North Carolina Business Court.
Click here for more information about Peter.
Karin M. McGinnis
Karin M. McGinnis CIPP/US, is known as a true business partner when litigating and providing counsel to her clients. She is the co-head of Moore & Van Allen PLLC's Privacy and Data Security group.
Well versed in employment, privacy, and general commercial litigation, Karin helps clients navigate a range of complex issues.
In addition to employment and privacy matters, Karin has successfully litigated a wide range of matters, including lawsuits involving trade secret misappropriation, defamation, violations of noncompetition agreements, antitrust matters, breach of commercial contracts, fraudulent conveyances, unfair trade practices, and shareholder and corporate disputes.
Karin regularly counsels her clients on how to implement best practices to avoid legal pitfalls but is also their first line of defense when matters arise. She understands that ongoing technological advancement means that the law, especially privacy and employment laws, are constantly evolving and stays apprised of federal and state laws to ensure her clients are in compliance.
Click here for more information about Karin.
Hayden McKaskle manages the relationships with privacy and data security attorneys across North America and the UK for Unit 42.
In his role, Hayden pulls together resources to rapidly respond and serve clients and outside counsel. Unit 42 is a cybersecurity consulting group that brings together world-class threat researchers and elite incident responders to protect enterprises and organizations against the latest cyberthreats.
Prior to joining Palo Alto Networks, Hayden was Managing Director of Channel Market Partners, a channel development and consulting company focused on data risk. He has decades of experience in IT services and security including time at IBM and Kroll and was formerly CEO of Emco Electronics Ltd. in the United Kingdom.
Hayden studied Economics at the University of Tennessee and lives in Nashville.
Click here for more information about Hayden.
Lynn C. Percival IV
Lynn C. Percival IV leads the Privacy and Data Security Practice Group at Wyrick Robbins.
Lynn's experience includes representation of organizations in the retail, technology, financial, media, advertising, and health care sectors, among others.
Lynn advises clients on compliance with a multitude of privacy and data security laws, such as HIPAA, the Telephone Consumer Protection Act, the Gramm-Leach-Bliley Act, GDPR, and state privacy and data security laws, including the California Consumer Privacy Act, the California Privacy Rights Act, the Virginia Consumer Data Protection Act, and the Colorado Privacy Act.
Lynn helps clients establish compliance programs, respond to data breaches, and administer privacy and data security investigations and assessments.
Lynn has experience advising clients on compliance challenges posed by significant company initiatives such as digita therapeutics, behavioral advertising, location tracking, consumer-facing mobile payment initiatives, international data transfers, data analytics and aggregation services, data broker services, vendor management, and phone call, text message, and email outreach programs.
Click here for more information about Lynn.
Shannon B. Ralich
Shannon B. Ralich holds the position of Associate General Counsel, Senior Director of Privacy, at Zendesk.
Shannon is a Board Certified Specialist in Privacy and Information Security Law by the North Carolina State Bar and is a Fellow of Information Privacy, Certified Information Privacy Manager, and Certified Information Privacy Professional (CIPP) E and US.
Shannon is Co-Chair of the International Data Privacy Committee of the Privacy and Data Security Section and Council Member of the Corporate Counsel Section of the North Carolina Bar Association, past Co-Chair of the CLE Committee of the Corporate Counsel Section of the North Carolina Bar Association, a Co-Founder of a STEM nonprofit organization, and past Triangle Business Journal 40 under 40 Leadership Award winner.
Shannon holds a J.D. from North Carolina Central University evening program and a Bachelor of Science from Nova Southeastern University.
Click here for more information about Shannon.
If you did not attend this program in its entirety, please fill out a
to ensure that we report your credit accurately.
partial credit form
Please send your completed form to
within seven days of this program.