Skip to main content

SolarWinds of Change and Other Challenges for the Privacy and Data Security Practitioner (2021 Privacy & Data Security Section Program)

8:25        Registration and Continental Breakfast

8:55        Welcome and Introductions

Steve Snyder, Bradley Arant Boult Cummings LLP, Charlotte, 2021-2022 Section Chair, presiding

9:00        Updates in Privacy Law

Matthew A. Cordell, VF Corporation, Greensboro
Elizabeth H. Johnson, Wyrick Robbins Yates & Ponton LLP, Raleigh

This session covers recent and pending updates to data privacy law both internationally and in the United States, with a focus on the practical implications of those changes and tips for preparing your clients.

10:00      Break

10:10      Ethics in Privacy and Data Security*‡

Jay Exum, Asurion, Raleigh
Lynn C. Percival IV, Wyrick Robbins Yates & Ponton LLP, Raleigh

Implementing security measures, avoiding phishing, preserving attorney-client privilege in a data breach—there are a multitude of ethical issues for lawyers relating to privacy and data security. This session helps attendees navigate them.

11:10      Break

11:20      AI in the USA

Roy Iversen, Fortalice Solutions LLC, Washington D.C.
Karin M. McGinnis, Moore & Van Allen PLLC, Charlotte

Artificial intelligence (AI) is everywhere but is largely unregulated in the U.S. During this presentation, review FTC guidance and decisions on AI and discuss new state law requirements. With insight from a technical expert, attendees also gain a better understanding of what AI is and why it has lawmakers concerned.

12:20      Lunch Break

1:05        Avoiding a SolarWinds in Your Business

Tom MacKenzie, TCDI, Greensboro
Peter N. McClelland, Ward and Smith PA, Raleigh

Take a look at the SolarWinds breach and its implications for corporate technology procurement policies, cyber supply chain risk management and due diligence. The session also covers best practices for vendor management, audits and related security frameworks.

2:05        Break

2:15        Legally Required Impact Assessments: How to Do It Right

Clara Cottrell, BASF Corporation, Raleigh
Molly F. Martinson, Wyrick Robbins Yates & Ponton LLP, Raleigh
Shannon B. Ralich, Zendesk, Raleigh

Review the recent requirements of GDPR and various U.S. state laws for businesses to conduct privacy and transfer impact assessments. The speakers also outline the legal requirements and provide practical insights on how businesses are approaching those requirements.

3:15        Break

3:25        Mock Data Breach

Alicia Bowers, Atrium Health, Charlotte
Tara N. Cho, Womble Bond Dickinson (U.S.) LLP, Raleigh
Hayden McKaskle, Palo Alto Networks, Nashville, TN

Cyberattacks, like the recent ones against Colonial Pipeline and meat processor JBS, are crippling organizations in nearly every industry sector. During this session, the speakers walk through the response to a ransomware attack of a health care organization and provide practical tips for containing the breach, complying with legal obligations, and minimizing the harm to patients and the organization.

3:35        Break

4:25        Adjourn

* Indicates portion providing Ethics/Professional Responsibility credit
‡ Indicates portion providing Technology Training credit


This CLE updates attendees on recent developments in privacy legislation, addresses ethical considerations in this era of emerging challenges and technology, dives into AI, and provides practical legal guidance on navigating vendor contracting issues based on lessons learned from SolarWinds.


  • Alicia Bowers

    Alicia Bowers is the Senior Vice President and Enterprise Chief Privacy and Compliance Officer for Atrium Health, an integrated non-profit health system with more than 70,000 teammates, 40 hospitals, and 1,500 care locations.

    Alicia attended the University of North Carolina at Chapel Hill, where she received both an undergraduate degree and a Juris Doctor with Honors. After spending six years with Johnston, Allison & Hord focusing on litigation, appellate law, and health care law, Alicia joined Atrium Health in 2005 as in-house counsel.

    Alicia has advised on a variety of risk, operational, regulatory, and contractual health care matters, including HIPAA, patient care and risk management issues, EMTALA, and 340B. In 2013, she transitioned to lead the Privacy Program and co-managed the largest breach in healthcare in 2018.

    In addition to serving as the Enterprise Chief Privacy Officer, Alicia is also the Enterprise Chief Compliance Officer and leads the Enterprise Risk Management program.

    Click here for more information about Alicia.

  • Tiffany M. Burba

    Tiffany M. Burba helps clients negotiate technology contracts and protect their intellectual property rights. She is a leader in North Carolina's intellectual property community, serving on the council of the N.C. Bar Association's Intellectual Property Law Section.

    Tiffany has particular experience at the intersection of intellectual property and technology, including drafting and negotiating hundreds of contracts involving cloud software, data sharing, cybersecurity consulting, and other areas. She has also counseled national companies on compliance with international, federal, and state data privacy regulations

    Tiffany maintains an active pro bono practice. She has assisted coastal residents with FEMA and disaster relief claims, represented abused and neglected children in Guardian ad Litem appeals, and contributed to the N.C. Pro Bono Resource Center’s driver’s license restoration initiative. She is also accredited by the U.S. Department of Veterans Affairs to assist veterans in their applications for benefits and other matters before the VA.

    Tiffany serves on Parker Poe's Security Committee and Pro Bono Committee. Prior to joining the firm, Tiffany was an associate with the finance group of a law firm in Charlotte, in which she represented commercial banks, investment banks, and other financial institutions in a variety of commercial lending transactions.

    Tiffany received both her law degree and master's degree in finance from Vanderbilt University, where she was a member of the Vanderbilt Law Review and the Jessup International Law Moot Court Team. She has served as a judicial intern for the Honorable John T. Nixon of the U.S. District Court for the Middle District of Tennessee and as a law clerk in the U.S. Attorney's Office for that district

    Click here for more information about Tiffany.

  • Tara N. Cho

    Tara N. Cho chairs Womble Bond Dickinson (US) LLP's Privacy and Cybersecurity Team in Raleigh. Her practice is dedicated to counseling clients on privacy and data security issues across industries such as technology, retail, e-commerce, healthcare, health-tech, and life sciences. She advises clients on matters related to the CCPA, CPRA and other state privacy laws, HIPAA, Gramm-Leach-Bliley Act, TCPA, CAN-SPAM, and other state and federal privacy, cybersecurity and data breach laws in the U.S. She also advises clients on the GDPR (and UK GDPR) and related requirements of European data protection laws.

    Tara helps companies establish and assess compliance programs, respond to data breaches and security incidents, conduct risk analyses, negotiate contracts that govern data use and security, respond to regulator requests and investigations, and address new and evolving issues stemming from the development of mobile and web-based applications, cloud computing, machine learning and AI tools, IoT devices, and other technology solutions that rely on personal data.

    Tara became certified as a legal specialist in Privacy and Information Security Law by the North Carolina State Bar Board of Legal Specialization in 2018 as part of the inaugural class of specialists in this field. She is also recognized by the IAPP as a certified information privacy professional for the US (CIPP/US) and Europe (CIPP/E).

    Click here for more information about Tara.

  • Matthew A. Cordell

    Matthew A. Cordell is the Vice President and General Counsel for Privacy and Technology at VF Corporation.

    VF operates under many consumer brands names you might recognize, including Vans, The North Face, Timberland, Dickies, Supreme, and many others. VF is made up of 70,000 employees in dozens of countries around the world.

    Matt is the founder and Chair of the Privacy and Data Security Specialization Committee of the NC State Bar. He holds several IAPP certifications: CIPP/US, CIPP/E, CIPP/Canada, and CIPM. He is an IAPP and ABA certified Privacy Law Specialist (PLS), and an IAPP Fellow of Information Privacy (FIP).

    Click here for more information about Matthew.

  • Clara R. Cottrell

    Clara R. Cottrell is Assistant General Counsel, Compliance & Privacy for BASF Corporation in Research Triangle Park, North Carolina. As part of the Legal Compliance group, she spends her time exploring and implementing data privacy and protection strategies for the company and in relation to the many digital projects, products, and initiatives across the varied business industries serviced by BASF. She also acts as US support on global and regional projects for data privacy and protection issues.
    Clara received her B.S. in Biochemistry from North Carolina State University and went on to earn her J.D. from Wake Forest University. After law school, Clara clerked for the Honorable Judge Ben Tennille (retired) in the North Carolina Business Court. A registered patent agent, Clara was in private practice at Smith Moore Leatherwood, now Fox Rothschild, in Greensboro, NC, before joining BASF in July 2013. Clara moved into her current data privacy role in January 2020. Clara continues to volunteer her time with Wake Forest University School of Law as a mentor and as a member of the Rose Council for young alumni. She is also actively involved in the North Carolina Bar Association with the Corporate Counsel Section (past Section Chair) and the Privacy and Data Security Section (Council member) as well as Chairing the NCBA CLE Committee and being a member of the NCBA Membership Committee. Clara has been named a 40 Under Forty by The Business Journal, a 2013 Legal Elite Young Guns Best Under 40 and a North Carolina Super Lawyers Rising Star. 

  • Angela P. Doughty

    Angela P. Doughty is a North Carolina State Bar Board Specialist in Trademark Law and a Certified Information Privacy Professional- United States (CIPP/US) who also serves as the firm's Director of Legal Innovation.

    Angela oversees several initiatives to optimize and increase the efficiency of the firm's legal services. In addition to adopting and executing practices, such as Legal Lean Sigma, Angela is responsible for moving the firm through the implementation of process improvement, design methodologies, and innovative technology.

    In her IP practice, Angela routinely counsels and assists clients with identifying, protecting, enforcing, and managing their U.S. and international IP rights; trademark and service mark selection, clearance, and registration; opposition and cancellation proceedings before the U.S. Patent and Trademark Office; Internet and domain law issues; software development and licensing transactions; and negotiating the acquisition, licensing, and transfer of intellectual property rights.

    Angela has extensive experience with strategic planning and management of IP portfolios, including IP audits to assist clients with the identification of intellectual property assets and the related risks and opportunities.

    Click here for more information about Angela.

  • Jay Exum

    Jay Exum leads Trust Office for Asurion, a global technology service and support company. The Asurion Trust Office manages data and privacy risks for Asurion through its privacy, data governance and audit and compliance arms, and supports Asurion's security and legal teams in driving compliance with privacy and security laws, including the GDPR, CCPA/CPRA, HIPAA and many others.

    Prior to taking his current position at Asurion, Jay led privacy programs for three different companies in three different industries, including PRA Health Sciences, SAS Institute, and Toshiba Global Commerce Solutions.

    In addition to his work in the private sector, Jay also served nearly 10 years as a prosecutor with the United States Department of Justice in the United States Attorney's Office for the Eastern District of North Carolina.

    Jay holds degrees from the University of North Carolina at Chapel Hill in Economics and Psychology and is a graduate of Harvard Law School.

    Click here for more information about Jay.

  • Roy Iversen

    Roy Iversen is Chief Security Architect at Fortalice Solutions, where he assists clients with Offensive and Defensive Security.

    Prior to joining Fortalice, Mr. Iversen served under the CISO as Director of Security Operations Division at the U.S. General Services Administration (GSA).

    Click here for more information about Roy.

  • Elizabeth H. Johnson

    Elizabeth H. Johnson is a member of Wyrick Robbins' privacy and data protection practice group. She has practiced exclusively in that specialty for 16 years.

    Elizabeth is a certified privacy law specialist (NCBA) and a certified information privacy professional (IAPP).

    Click here for more information about Elizabeth.

  • Tom MacKenzie

    Tom MacKenzie has worked with TCDI since 2005 and serves as Co-Lead of Privacy & Security Compliance. This role oversees data privacy and security compliance efforts and also serves as liaison to clients and prospective clients interested in TCDI's controls and approaches to data privacy and security.

    Additionally, Tom provides cybersecurity clients with CISO related services including security assessments, policy and plan development, and employee education on security behavior best practices.

    Tom is Black Belt trained in Lean Six Sigma and holds multiple International Association of Privacy Professionals (IAPP) information privacy certifications including CIPP/US, CIPP/E, and CIPM. Tom is also recognized by the IAPP as a Fellow in Information Privacy (FIP).

    Additionally, Tom holds the Certified eDiscovery Specialist (CEDS) designation, a rigorous program of study and examination sponsored by the Association of Certified eDiscovery Specialists (ACEDS).

    Click here for more information about Tom.

  • Molly F. Martinson

    Molly F. Martinson is a member of Wyrick Robbins' Privacy & Data Security practice group.

    Molly advises clients on matters including data breach notification, HIPAA compliance, and state and federal laws that impact collection, storage, use, and protection of personal information such as the Telephone Consumer Protection Act, CAN-SPAM, COPPA, and the Song-Beverly Credit Card Act.

    Molly helps clients assess the privacy and data security risks associated with new initiatives, assists clients with the identification and implementation of risk-mitigating controls, and administers privacy and data security investigations and assessments. She also regularly prepares and revises privacy notices and contracts to account for the requirements of the EU General Data Protection Regulation (GDPR).

    Molly received her B.A., cum laude from Wake Forest University and her J.D. with honors from UNC School of Law. During law school, Molly was an Articles Editor for the North Carolina Law Review, as well as a Dean's Fellow and an Honors Writing Scholar. She also received the Gressman-Pollitt Award for Excellence in Oral Advocacy.

    Molly served as a law clerk to the Honorable Robert N. Hunter, Jr. on the Supreme Court of North Carolina and the North Carolina Court of Appeals before entering private practice.

    Click here for more information about Molly.

  • Peter N. McClelland

    Peter N. McClelland is an attorney and a Certified Information Privacy Professional/US (CIPP/US) who assists clients in a range of privacy, data security, cyber supply chain and technology matters.

    Peter regularly counsels on the legal requirements and risks associated with the collection, storage, transfer, use, protection, and disposal of data. Businesses and individuals rely on his privacy and data security expertise for structuring and operationalizing privacy compliance programs, data breach response and planning, contract and vendor management, and licensing and technology transactions.

    Peter's practice encompasses counsel on a wide variety of state, federal, and international regulations such as Health Insurance Portability Accountability Act (HIPAA), Health Information Technology for Economic and Clinical Health (HITECH), Gramm-Leach-Bliley Act, the Fair Credit Reporting Act (FCRA), CAN-SPAM, Children's Online Privacy Protection Rule (COPPA), General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), California Privacy Rights Act (CPRA), and international data transfer mechanisms.

    Prior to joining Ward and Smith, Peter worked as an in-house attorney for a North Carolina technology cybersecurity startup, where he managed all in-house legal affairs for strategic cyber risk management and data analytics. He also represented the company on a U.S. Department of Homeland Security's Cyber Supply Chain Risk Management Task Force.

    Peter also served as a resident-in-practice for the North Carolina Business Court.

    Click here for more information about Peter.

  • Karin M. McGinnis

    Karin M. McGinnis CIPP/US, is known as a true business partner when litigating and providing counsel to her clients. She is the co-head of Moore & Van Allen PLLC's Privacy and Data Security group.

    Well versed in employment, privacy, and general commercial litigation, Karin helps clients navigate a range of complex issues.

    In addition to employment and privacy matters, Karin has successfully litigated a wide range of matters, including lawsuits involving trade secret misappropriation, defamation, violations of noncompetition agreements, antitrust matters, breach of commercial contracts, fraudulent conveyances, unfair trade practices, and shareholder and corporate disputes.

    Karin regularly counsels her clients on how to implement best practices to avoid legal pitfalls but is also their first line of defense when matters arise. She understands that ongoing technological advancement means that the law, especially privacy and employment laws, are constantly evolving and stays apprised of federal and state laws to ensure her clients are in compliance.

    Click here for more information about Karin.

  • Hayden McKaskle

    Hayden McKaskle manages the relationships with privacy and data security attorneys across North America and the UK for Unit 42.

    In his role, Hayden pulls together resources to rapidly respond and serve clients and outside counsel. Unit 42 is a cybersecurity consulting group that brings together world-class threat researchers and elite incident responders to protect enterprises and organizations against the latest cyberthreats.

    Prior to joining Palo Alto Networks, Hayden was Managing Director of Channel Market Partners, a channel development and consulting company focused on data risk. He has decades of experience in IT services and security including time at IBM and Kroll and was formerly CEO of Emco Electronics Ltd. in the United Kingdom.

    Hayden studied Economics at the University of Tennessee and lives in Nashville.

    Click here for more information about Hayden.

  • Lynn C. Percival IV

    Lynn C. Percival IV leads the Privacy and Data Security Practice Group at Wyrick Robbins.

    Lynn's experience includes representation of organizations in the retail, technology, financial, media, advertising, and health care sectors, among others.

    Lynn advises clients on compliance with a multitude of privacy and data security laws, such as HIPAA, the Telephone Consumer Protection Act, the Gramm-Leach-Bliley Act, GDPR, and state privacy and data security laws, including the California Consumer Privacy Act, the California Privacy Rights Act, the Virginia Consumer Data Protection Act, and the Colorado Privacy Act.

    Lynn helps clients establish compliance programs, respond to data breaches, and administer privacy and data security investigations and assessments.

    Lynn has experience advising clients on compliance challenges posed by significant company initiatives such as digita therapeutics, behavioral advertising, location tracking, consumer-facing mobile payment initiatives, international data transfers, data analytics and aggregation services, data broker services, vendor management, and phone call, text message, and email outreach programs.

    Click here for more information about Lynn.

  • Shannon B. Ralich

    Shannon B. Ralich holds the position of Associate General Counsel, Senior Director of Privacy, at Zendesk.

    Shannon is a Board Certified Specialist in Privacy and Information Security Law by the North Carolina State Bar and is a Fellow of Information Privacy, Certified Information Privacy Manager, and Certified Information Privacy Professional (CIPP) E and US.

    Shannon is Co-Chair of the International Data Privacy Committee of the Privacy and Data Security Section and Council Member of the Corporate Counsel Section of the North Carolina Bar Association, past Co-Chair of the CLE Committee of the Corporate Counsel Section of the North Carolina Bar Association, a Co-Founder of a STEM nonprofit organization, and past Triangle Business Journal 40 under 40 Leadership Award winner.

    Shannon holds a J.D. from North Carolina Central University evening program and a Bachelor of Science from Nova Southeastern University.

    Click here for more information about Shannon.

If you did not attend this program in its entirety, please fill out a partial credit form to ensure that we report your credit accurately.

Please send your completed form to within seven days of this program.

As an attendee of this CLE program your feedback is important.

Click here to fill out the program evaluation.
October 28, 2021
Thu 8:25 AM EDT
North Carolina Bar Center 8000 Weston Parkway Cary, NC 27511 919.677.0561

View map and directions

Duration 8H 0M

No longer available for purchase
Already Registered?
For Technical Support
(888) 705-6002
+1 (858) 201-4136*
*for callers residing outside of the United States