Skip to main content

SolarWinds of Change and Other Challenges for the Privacy and Data Security Practitioner (2021 Privacy & Data Security Section Program)

8:55        Welcome and Introductions

Steve Snyder, Bradley Arant Boult Cummings LLP, Charlotte, 2021-2022 Section Chair, presiding

9:00        Updates in Privacy Law

Matthew A. Cordell, VF Corporation, Greensboro
Elizabeth H. Johnson, Wyrick Robbins Yates & Ponton LLP, Raleigh

This session covers recent and pending updates to data privacy law both internationally and in the United States, with a focus on the practical implications of those changes and tips for preparing your clients.

10:00      Break

10:10      Ethics in Privacy and Data Security*‡

Jay Exum, Asurion, Raleigh
Lynn C. Percival IV, Wyrick Robbins Yates & Ponton LLP, Raleigh

Implementing security measures, avoiding phishing, preserving attorney-client privilege in a data breach—there are a multitude of ethical issues for lawyers relating to privacy and data security. This session helps attendees navigate them.

11:10      Break

11:20      AI in the USA

Roy Iversen, Fortalice Solutions LLC, Washington D.C.
Karin M. McGinnis, Moore & Van Allen PLLC, Charlotte

Artificial intelligence (AI) is everywhere but is largely unregulated in the U.S. During this presentation, review FTC guidance and decisions on AI and discuss new state law requirements. With insight from a technical expert, attendees also gain a better understanding of what AI is and why it has lawmakers concerned.

12:20      Lunch Break

1:05        Avoiding a SolarWinds in Your Business

Tom MacKenzie, TCDI, Greensboro
Peter N. McClelland, Ward and Smith PA, Raleigh

Take a look at the SolarWinds breach and its implications for corporate technology procurement policies, cyber supply chain risk management and due diligence. The session also covers best practices for vendor management, audits and related security frameworks.

2:05        Break

2:15        Legally Required Impact Assessments: How to Do It Right

Clara Cottrell, BASF Corporation, Raleigh
Molly F. Martinson, Wyrick Robbins Yates & Ponton LLP, Raleigh
Shannon B. Ralich, Zendesk, Raleigh

Review the recent requirements of GDPR and various U.S. state laws for businesses to conduct privacy and transfer impact assessments. The speakers also outline the legal requirements and provide practical insights on how businesses are approaching those requirements.

3:15        Break

3:25        Mock Data Breach

Alicia Bowers, Atrium Health, Charlotte
Tara N. Cho, Womble Bond Dickinson (U.S.) LLP, Raleigh
Hayden McKaskle, Palo Alto Networks, Nashville, TN

Cyberattacks, like the recent ones against Colonial Pipeline and meat processor JBS, are crippling organizations in nearly every industry sector. During this session, the speakers walk through the response to a ransomware attack of a health care organization and provide practical tips for containing the breach, complying with legal obligations, and minimizing the harm to patients and the organization.

3:35        Break

4:25        Adjourn

* Indicates portion providing Ethics/Professional Responsibility credit
‡ Indicates portion providing Technology Training credit


This CLE updates attendees on recent developments in privacy legislation, addresses ethical considerations in this era of emerging challenges and technology, dives into AI, and provides practical legal guidance on navigating vendor contracting issues based on lessons learned from SolarWinds.


  • Alicia Bowers

    Alicia Bowers, Atrium Health, Charlotte.

    Click here for more information about Alicia.

  • Tiffany M. Burba

    Tiffany M. Burba is an associate with Parker Poe Adams & Bernstein LLP in Raleigh. Tiffany helps clients negotiate technology contracts and protect their intellectual property rights. She is a leader in North Carolina's intellectual property community, serving on the council of the N.C. Bar Association's Intellectual Property Law Section.

    Tiffany has particular experience at the intersection of intellectual property and technology, including with contracts involving cloud software, data sharing, cybersecurity consulting, and other areas. She has also counseled national companies on compliance with international, federal, and state data privacy regulations.

    Tiffany maintains an active pro bono practice. She has assisted coastal residents with FEMA and disaster relief claims, represented abused and neglected children in Guardian ad Litem appeals, and contributed to the N.C. Pro Bono Resource Center's driver's license restoration initiative. She is also accredited by the U.S. Department of Veterans Affairs to assist veterans in their applications for benefits and other matters before the VA.

    Prior to joining Parker Poe, Tiffany was an associate with the finance group of a law firm in Charlotte, in which she represented commercial banks, investment banks, and other financial institutions in a variety of commercial lending transactions.

    Tiffany received both her law degree and master's degree in finance from Vanderbilt University, where she was a member of the Vanderbilt Law Review and the Jessup International Law Moot Court Team. She has served as a judicial intern for the Honorable John T. Nixon of the U.S. District Court for the Middle District of Tennessee and as a law clerk in the U.S. Attorney's Office for that district.

    Click here for more information about Tiffany.

  • Tara N. Cho

    Tara N. Cho chairs Womble Bond Dickinson (US) LLP's Privacy and Cybersecurity Team. Her practice is dedicated to counseling clients on privacy and data security issues across industries such as technology, retail, e-commerce, healthcare, health-tech, and life sciences. She advises clients on matters related to the CCPA/CPRA, HIPAA, COPPA, TCPA, CAN-SPAM, and other state and federal privacy, cybersecurity and data breach laws in the U.S. She also advises clients on the GDPR and related requirements of European data protection laws. Tara helps companies establish and assess compliance programs, respond to data breaches and security incidents, conduct risk analyses, negotiate contracts that govern data use and security, respond to regulator requests and investigations, and address new and evolving issues stemming from the development of mobile and web-based applications, cloud computing, machine learning and AI tools, IoT devices, and other technology solutions that rely on personal data.

    Tara became certified as a legal specialist in Privacy and Information Security Law by the North Carolina State Bar Board of Legal Specialization in 2018 as part of the inaugural class of specialists in this field. She is also recognized by the IAPP as a certified information privacy professional for the US (CIPP/US) and Europe (CIPP/E).

    Click here for more information about Tara.

  • Matthew A. Cordell

    Matthew A. Cordell is the Senior Information Technology Counsel at VF Corporation, a Fortune 250 company, where he manages a small team focused on privacy law, data security law, and global technology contracting. Matt serves as the founding chair of the NC State Bar's Privacy and Data Security Specialization Committee, the nation's first and only state bar specialization in the practice area. He is certified as a specialist in Privacy and Data Security Law by the NC State Bar, qualified as a Privacy Law Specialist by the International Association of Privacy Professionals (IAPP) and the American Bar Association, and holds both the Certified Information Privacy Professional (CIPP/US) and Certified Information Privacy Manager (CIPM) designations from the IAPP. Before joining VF in 2017, Matt was a shareholder at Ward and Smith, P.A. in Raleigh.

    Matt is a graduate of the UNC School of Law and received his MBA from Campbell University.

    Click here for more information about Matthew.

  • Clara R. Cottrell

    Clara R. Cottrell is senior counsel for compliance and privacy at BASF Corporation in Research Triangle Park, North Carolina. As part of the legal compliance group, she spends her time exploring and implementing data privacy and protection strategies for the company and in relation to the many digital projects, products, and initiatives across the varied business industries serviced by BASF. She also acts as U.S. support on global and regional projects for data privacy and protection issues.

    Clara received her B.S. in biochemistry from North Carolina State University and went on to earn her J.D. from Wake Forest University. After law school, Clara clerked for the Honorable Judge Ben Tennille (retired) in the North Carolina Business Court. A registered patent agent, Clara was in private practice at Smith Moore Leatherwood, now Fox Rothschild, in Greensboro, NC, before joining BASF in July 2013. Clara moved into her current data privacy role in January 2020. Clara continues to volunteer her time with Wake Forest University School of Law as a mentor and as a member of the Rose Council for young alumni. She is also actively involved in the North Carolina Bar Association with the Corporate Counsel Section (past section chair) and the Privacy & Data Security Section (council member), as well as chairing the NCBA CLE Committee and being a member of the NCBA Membership Committee. Clara has been named a 40 Under Forty by The Business Journal, listed as a 2013 Legal Elite Young Guns (Best Under 40) by Business North Carolina and selected to the North Carolina Super Lawyers Rising Star list.

    Clara and her family live in Carrboro, North Carolina, from which they base their many RVing adventures. Her two favorite perks of working for BASF are the global colleagues she interacts with every day and access to the BASF wine cellar in Germany.

    Click here for more information about Clara.

  • Angela P. Doughty

    Angela P. Doughty, CIPP/US is with Ward and Smith PA in New Bern. Angela is a North Carolina State Bar Board Specialist in Trademark Law and a Certified Information Privacy Professional- United States (CIPP/US) who also serves as the firm's Director of Legal Innovation.

    Angela oversees several initiatives to optimize and increase the efficiency of the firm's legal services. In addition to adopting and executing practices, such as Legal Lean Sigma, Angela is responsible for moving the firm through the implementation of process improvement, design methodologies, and innovative technology.

    In her IP practice, Angela routinely counsels and assists clients with identifying, protecting, enforcing, and managing their U.S. and international IP rights; trademark and service mark selection, clearance, and registration; opposition and cancellation proceedings before the U.S. Patent and Trademark Office; Internet and domain law issues; software development and licensing transactions; and negotiating the acquisition, licensing, and transfer of intellectual property rights. She has extensive experience with strategic planning and management of IP portfolios, including IP audits to assist clients with the identification of intellectual property assets and the related risks and opportunities.

    In her Privacy and Data Security practice, Angela advises clients on all aspects of privacy and security regulations including evaluating and implementing compliance programs, responding to data breaches and security incidents, drafting privacy notices and policies, and negotiating consumer and vendor contracts. Her practice encompasses counsel on a wide variety of state and federal regulations such as Health Insurance Portability and Accountability Act (HIPAA), Health Information Technology for Economic and Clinical Health (HITECH), Gramm-Leach-Bliley Act, the Fair Credit Reporting Act (FCRA), CAN-SPAM, Children’s Online Privacy Protection Rule (COPPA), General Data Protection Regulation (GDPR), and other international data transfer mechanisms.

    Angela serves on the executive board of the Intellectual Property Law Section of the North Carolina Bar Association and on the North Carolina State Bar Board of Specialization Trademark Law Committee. She has White Belt and Yellow Belt certifications in Legal Lean Sigma® and Project Management from the Legal Lean Sigma Institute. She earned her CIPP/US certification from the ANSI accredited International Association of Privacy Professionals.

    Click here for more information about Angela.

  • Jay Exum

    Jay Exum is the Chief Privacy Officer at Asurion. Prior to joining Asurian in August 2021, Jay lead the in-house privacy team for PRA Health Sciences, a global clinical research and healthcare intelligence company with operations in over 80 countries. His team helped PRA and its affliates manage global privacy risk and compliance, including GDPR, CCPA, HIPAA and many others.

    Prior to PRA, Jay acted as Chief Privacy Officer at SAS Institute Inc, a privately-held data analytics company, where he led the development of SAS' privacy and GDPR program. His interest in privacy and data security matters developed while acting as Chief Compliance Officer at Toshiba Global Commerce Solutions Inc, where the fast-rising risks and complexity associated with privacy and security issues grew to occupy an ever-larger share of both his work responsibilities and personal interests.

    In addition to his work in the private sector, Jay also served nearly 10 years as a prosecutor with the United States Department of Justice in the United States Attorney's Office for the Eastern District of North Carolina.

    Jay holds degrees from the University of North Carolina at Chapel Hill in Economics and Psychology and is a graduate of Harvard Law School.

    Click here for more information about Jay.

  • Roy Iversen

    Roy Iversen, Fortalice Solutions LLC, Washington D.C.

    Click here to connect with Roy on Twitter.

  • Elizabeth H. Johnson

    Elizabeth H. Johnson leads the Privacy & Data Security Practice Group at Wyrick Robbins Yates & Ponton LLP in Raleigh. Her practice addresses all aspects of privacy and data security law, including compliance initiatives to address major legal requirements such as HIPAA, Gramm-Leach-Bliley Act, the FCRA, the Telephone Consumer Protection Act, CAN-SPAM, data security breach notification, GDPR, Privacy Shield and other international data transfer mechanisms, COPPA, VPPA, and others.

    Elizabeth has assisted clients with a wide variety of implementation projects including cloud computing, health information exchanges, patient portals, bring-your-own-device, mobile applications, location tracking, online behavioral advertising, direct marketing, and complex customer insights initiatives. She also helps clients with government agency inquiries pertaining to privacy and data security, such as HIPAA compliance reviews conducted by the U.S. Department of Health and Human Services.

    Elizabeth regularly leads privileged assessments and investigations, such as forensic examinations, vulnerability and compromise assessments, and data security evaluations. Her team has addressed more than 400 data security breaches.

    Click here for more information about Elizabeth. 

  • Tom MacKenzie

    Tom MacKenzie is a Independent Privacy & Security Consultant in Greensboro. Tom recently served as Vice President, Privacy & Security Compliance at TCDI. In this senior-leadership role, he was responsible for privacy and data security compliance efforts at TCDI. As part of his client-facing responsibilities, Tom was the liaison for clients and prospective clients interested in TCDI's controls and approaches to data privacy and security.

    Tom retired from TCDI at the end of June, 2020 and is now providing independent privacy & security consulting services on a limited and exclusive basis.

    Tom is Black Belt trained in Lean Six Sigma and holds multiple IAPP information privacy certifications (CIPP/US, CIPP/E, CIPM, FIP) recognized as the global industry standard for professionals in the field of privacy. He also holds the Certified eDiscovery Specialist (CEDS) designation, a rigorous program of study and examination sponsored by the Association of Certified E-Discovery Specialists (ACEDS).

    Click here for more information about Tom.

  • Molly F. Martinson

    Molly F. Martinson is an attorney with Wyrick Robbins Yates & Ponton LLP in Raleigh. Molly is a member of the firm's Privacy & Data Security practice group. She advises clients on matters including data breach notification, HIPAA compliance, and state and federal laws that impact collection, storage, use, and protection of personal information such as the Telephone Consumer Protection Act, CAN-SPAM, COPPA, and the Song-Beverly Credit Card Act. She helps clients assess the privacy and data security risks associated with new initiatives, assists clients with the identification and implementation of risk-mitigating controls, and administers privacy and data security investigations and assessments. She also regularly prepares and revises privacy notices and contracts to account for the requirements of the EU General Data Protection Regulation (GDPR).

    Molly received her B.A., cum laude, from Wake Forest University and her J.D. with honors from UNC School of Law. During law school, Molly was an Articles Editor for the North Carolina Law Review, as well as a Dean's Fellow and an Honors Writing Scholar. She also received the Gressman-Pollitt Award for Excellence in Oral Advocacy. Molly served as a law clerk to the Honorable Robert N. Hunter, Jr. on the Supreme Court of North Carolina and the North Carolina Court of Appeals before entering private practice.

    Molly writes extensively on privacy matters. Visit our privacy law blog to read her take on current data privacy-related events.

    Click here for more information about Molly.

  • Peter N. McClelland

    Peter N. McClelland is a Privacy, Data Security, and Technology Attorney with Ward and Smith PA in Raleigh. Peter is a Certified Information Privacy Professional/US (CIPP/US) who assists clients in a range of privacy, data security, cyber supply chain and technology matters.

    Peter regularly counsels on the legal requirements and risks associated with the collection, storage, transfer, use, protection, and disposal of data. Businesses and individuals rely on his privacy and data security expertise for structuring and operationalizing privacy compliance programs, data breach response and planning, contract and vendor management, and licensing and technology transactions. His practice encompasses counsel on a wide variety of state, federal, and international regulations such as Health Insurance Portability Accountability Act (HIPAA), Health Information Technology for Economic and Clinical Health (HITECH), Gramm-Leach-Bliley Act, the Fair Credit Reporting Act (FCRA), CAN-SPAM, Children's Online Privacy Protection Rule (COPPA), General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), California Privacy Rights Act (CPRA), and international data transfer mechanisms.

    Prior to joining Ward and Smith, Peter worked as an in-house attorney for a North Carolina technology cybersecurity startup, where he managed all in-house legal affairs for strategic cyber risk management and data analytics. He also represented the company on a U.S. Department of Homeland Security's Cyber Supply Chain Risk Management Task Force.

    Peter also served as a resident-in-practice for the North Carolina Business Court.

    Peter earned his B.A. from the University of North Carolina at Chapel Hill in 2015 and his J.D., magna cum laude, from Elon University School of Law in 2017.

    Click here for more information about Peter.

  • Karin M. McGinnis

    Karin M. McGinnis is co-chair of Moore & Van Allen's Privacy and Data Security group in Charlotte and has handled a wide variety of privacy and data security matters. With over two decades of experience, she has assisted clients with privacy and data security issues regionally, nationally and internationally, including compliance with data security and privacy laws in all 50 states, Canada, Latin America, Europe and Asia. Her wide-range of experience includes preparing clients for and responding to data breaches, drafting and advising on vendor agreements, international data transfers, record retention, PCI-DSS issues, privacy policies, notices and consents, and online privacy compliance.

    Also a member of Moore & Van Allen's litigation and employment teams, Karin has a special emphasis on privacy and data security in the workplace, including drug testing, background checks, international ethics hotlines, Bring Your Own Device ("BYOD"), and employee mobile device policies and programs, confidentiality under the ADAAA, the FMLA and other employment laws, spoofing and business email compromises, employee monitoring, and litigation and advice involving trade secret misappropriation, the Computer Fraud and Abuse Act, the Stored Communications Act, HIPAA, and state computer trespass laws.

    Karin is a certified North Carolina Bar Privacy and Data Security Specialist and is a member of the North Carolina State Bar Specialization Committee for Privacy and Data Security. She is a frequent speaker and author on privacy and data security topics.

    Click here for more information about Karin.

  • Hayden McKaskle

    Hayden McKaskle is a North America Sales Manager - Law Firm Channel at Unit 42 at Palo Alto Networks in Nashville, TN. Hayden is an experienced business development leader with a demonstrated history of working in the information technology, security, software and services industries. He is skilled in Sales, Sales Management, Business Development, & Sales Training. He has a successful track record in closing business in Fortune 500 firms and multi-national corporations and a proven experience doing business on every continent.

    Click here for more information about Hayden.

  • Lynn C. Percival IV

    Lynn C. Percival IV is an attorney with Wyrick Robbins Yates & Ponton LLP in Raleigh. Lynn's practice is dedicated to privacy and data security. His experience includes representation of organizations in the retail, technology, financial, advertising, and health care sectors, among others. Lynn advises clients on compliance with a multitude of privacy and data security laws, such as HIPAA, the Telephone Consumer Protection Act, the Gramm-Leach-Bliley Act, GDPR, the Video Privacy Protection Act, the FCRA, CAN-SPAM, COPPA, the Wiretap Act, the Stored Communications Act, and state privacy and data security laws, including the California Consumer Privacy Act, the Illinois Biometric Information Privacy Act, and the South Carolina Insurance Data Security Act. He helps clients establish compliance programs, respond to data breaches, and administer privacy and data security investigations and assessments. Lynn also regularly assists clients on privacy and data security issues arising in transactional matters, such as due diligence and contract negotiation. He has experience advising clients on compliance challenges posed by significant company initiatives such as behavioral advertising, location tracking, consumer-facing mobile payment initiatives (including bill pay, money transfers, and check cashing), international data transfers, data analytics and aggregation services, mobile applications, employee monitoring, privacy policy creation and updates, vendor management, and phone call, text message, and email outreach programs directed to consumers and employees.

    A Raleigh native, Lynn received his B.S. from East Carolina University and his J.D., magna cum laude, from Campbell University, where he served as the Editor in Chief of the Campbell Law Review. Lynn served as a law clerk to the Honorable Robert N. Hunter, Jr., and the Honorable Sanford L. Steelman, Jr., of the North Carolina Court of Appeals before entering private practice.

    Click here for more information about Lynn.

  • Shannon B. Ralich

    Shannon B. Ralich is with Zendesk in Raleigh. She previously held the position of Associate General Counsel at Bandwidth in Raleigh.

    Shannon is a Board-Certified Specialist in Privacy and Information Security Law, a Certified Information Privacy Professional (CIPP/US and CIPP/E), Certified Information Privacy Manager, is the Co-Chair of the CLE Committee of the NCBA Corporate Counsel Section and Co-Chair of the International Data Privacy Committee of the NCBA Privacy & Data Security Section. She is also a Triangle Business Journal 40 under 40 leadership award winner.

    Shannon received her B.S. degree from Nova Southeastern University and her J.D. degree from North Carolina Central University School of Law.

October 28, 2021
Thu 8:25 AM EDT

Duration 8H 0M

You can access this item by buying entire section

Buy entire section:

Already Registered?
For Technical Support
(888) 705-6002
+1 (858) 201-4136*
*for callers residing outside of the United States