8:55 Welcome and Introductions
9:00 Updates in Privacy Law‡
Matthew A. Cordell, VF Corporation, Greensboro
Elizabeth H. Johnson, Wyrick Robbins Yates & Ponton LLP, Raleigh
This session covers recent and pending updates to data privacy law both internationally and in the United States, with a focus on the practical implications of those changes and tips for preparing your clients.
10:00 Break
10:10 Ethics in Privacy and Data Security*‡
Jay Exum, Asurion, Raleigh
Brian Oten, NC State Bar, Raleigh
Lynn C. Percival IV, Wyrick Robbins Yates & Ponton LLP, Raleigh
Implementing security measures, avoiding phishing, preserving attorney-client privilege in a data breach—there are a multitude of ethical issues for lawyers relating to privacy and data security. This session helps attendees navigate them.
11:10 Break
11:20 AI in the USA‡
Roy Iversen, Fortalice Solutions LLC, Washington D.C.
Karin M. McGinnis, Moore & Van Allen PLLC, Charlotte
Artificial intelligence (AI) is everywhere but is largely unregulated in the U.S. During this presentation, review FTC guidance and decisions on AI and discuss new state law requirements. With insight from a technical expert, attendees also gain a better understanding of what AI is and why it has lawmakers concerned.
12:20 Lunch Break
1:05 Avoiding a SolarWinds in Your Business‡
Tom MacKenzie, TCDI, Greensboro
Peter N. McClelland, Ward and Smith PA, Raleigh
Take a look at the SolarWinds breach and its implications for corporate technology procurement policies, cyber supply chain risk management and due diligence. The session also covers best practices for vendor management, audits and related security frameworks.
2:05 Break
2:15 Legally Required Impact Assessments: How to Do It Right‡
Clara Cottrell, BASF Corporation, Raleigh
Molly F. Martinson, Wyrick Robbins Yates & Ponton LLP, Raleigh
Shannon B. Ralich, Zendesk, Raleigh
Review the recent requirements of GDPR and various U.S. state laws for businesses to conduct privacy and transfer impact assessments. The speakers also outline the legal requirements and provide practical insights on how businesses are approaching those requirements.
3:15 Break
3:25 Mock Data Breach‡
Alicia Bowers, Atrium Health, Charlotte
Tara N. Cho, Womble Bond Dickinson (U.S.) LLP, Raleigh
Hayden McKaskle, Palo Alto Networks, Nashville, TN
Cyberattacks, like the recent ones against Colonial Pipeline and meat processor JBS, are crippling organizations in nearly every industry sector. During this session, the speakers walk through the response to a ransomware attack of a health care organization and provide practical tips for containing the breach, complying with legal obligations, and minimizing the harm to patients and the organization.
4:25 Adjourn
* Indicates portion providing Ethics/Professional Responsibility credit
‡ Indicates portion providing Technology Training credit
Thank you for joining us for SolarWinds of Change and Other Challenges for the Privacy and Data Security Practitioner (2021 Privacy & Data Security Section Program).
This CLE updates attendees on recent developments in privacy legislation, addresses ethical considerations in this era of emerging challenges and technology, dives into AI, and provides practical legal guidance on navigating vendor contracting issues based on lessons learned from SolarWinds.
Alicia Bowers is the Senior Vice President and Enterprise Chief Privacy and Compliance Officer for Atrium Health, an integrated non-profit health system with more than 70,000 teammates, 40 hospitals, and 1,500 care locations.
Alicia attended the University of North Carolina at Chapel Hill, where she received both an undergraduate degree and a Juris Doctor with Honors. After spending six years with Johnston, Allison & Hord focusing on litigation, appellate law, and health care law, Alicia joined Atrium Health in 2005 as in-house counsel.
Alicia has advised on a variety of risk, operational, regulatory, and contractual health care matters, including HIPAA, patient care and risk management issues, EMTALA, and 340B. In 2013, she transitioned to lead the Privacy Program and co-managed the largest breach in healthcare in 2018.
In addition to serving as the Enterprise Chief Privacy Officer, Alicia is also the Enterprise Chief Compliance Officer and leads the Enterprise Risk Management program.
Click here for more information about Alicia.
Tiffany M. Burba is an associate at Parker Poe Adams & Bernstein LLP in Raleigh. She helps clients negotiate technology contracts and protect their intellectual property rights. She prioritizes understanding her clients' business goals and is skilled at drafting contracts to mitigate risk in pursuit of those goals.
Tiffany has particular experience at the intersection of intellectual property and technology, having drafted and negotiated over one thousand contracts involving cloud software, data sharing, cybersecurity consulting, and other areas. She has negotiated multi-million dollar deals with some of the country's prominent life sciences and software companies. Tiffany has experience on both sides of a technology transaction, simultaneously representing large institutional clients in their day-to-day IT procurement endeavors and independent cloud services companies in their revenue-generating licensing deals.
Outside of work, Tiffany can be found teaching a course on software licensing, technology, and data privacy at Campbell Law School or serving on the leadership council of the North Carolina Bar Association's Intellectual Property Section. She also maintains a robust pro bono practice and received the 2020 Younger Lawyer Pro Bono Award from the N.C. Bar Association.
Tiffany was named the 2022 Intellectual Property Section Member of the Year by the N.C. Bar Association. She has also been listed as one of Raleigh Magazine's "20 in their 20's."
Tiffany earned her B.A. from The University of Maryland, her J.D. and M.S. in Finance from Vanderbilt University.
Click here for more information about Tiffany.
Tara N. Cho chairs Womble Bond Dickinson (US) LLP's Privacy and Cybersecurity Team in Raleigh. Her practice is dedicated to counseling clients on privacy and data security issues across industries such as technology, retail, e-commerce, healthcare, health-tech, and life sciences. She advises clients on matters related to the CCPA, CPRA and other state privacy laws, HIPAA, Gramm-Leach-Bliley Act, TCPA, CAN-SPAM, and other state and federal privacy, cybersecurity and data breach laws in the U.S. She also advises clients on the GDPR (and UK GDPR) and related requirements of European data protection laws.
Tara helps companies establish and assess compliance programs, respond to data breaches and security incidents, conduct risk analyses, negotiate contracts that govern data use and security, respond to regulator requests and investigations, and address new and evolving issues stemming from the development of mobile and web-based applications, cloud computing, machine learning and AI tools, IoT devices, and other technology solutions that rely on personal data.
Tara became certified as a legal specialist in Privacy and Information Security Law by the North Carolina State Bar Board of Legal Specialization in 2018 as part of the inaugural class of specialists in this field. She is also recognized by the IAPP as a certified information privacy professional for the US (CIPP/US) and Europe (CIPP/E).
Click here for more information about Tara.
Matthew A. Cordell is the Vice President and General Counsel for Privacy and Technology at VF Corporation in Greensboro.
Matt is the founder and Chair of the Privacy and Data Security Specialization Committee of the NC State Bar. He holds several IAPP certifications: CIPP/US, CIPP/E, CIPP/Canada, and CIPM. He is an IAPP and ABA certified Privacy Law Specialist (PLS), and an IAPP Fellow of Information Privacy (FIP).
Matt earned his B.B.A., summa cum laude, majoring in Trust and Investment Management and minoring in Financial Planning from Campbell University, his M.B.A., with distinction, from Lundy-Fetterman School of Business and his J.D., with honors, from the University of North Carolina School of Law.
Click here for more information about Matthew.
Clara R. Cottrell is Assistant General Counsel, Compliance & Privacy for BASF Corporation in Research Triangle Park. As part of the Legal Compliance group, she spends her time exploring and implementing data privacy and protection strategies for the company and in relation to the many digital projects, products, and initiatives across the varied business industries serviced by BASF. She also acts as US support on global and regional projects for data privacy and protection issues.
A registered patent agent, Clara was in private practice at Smith Moore Leatherwood, now Fox Rothschild, in Greensboro, before joining BASF in July 2013. Clara moved into her current data privacy role in January 2020.
Clara is actively involved in the North Carolina Bar Association with the Corporate Counsel Section (past Section Chair) and the Privacy and Data Security Section (Council member) as well as Chairing the NCBA CLE Committee and being a member of the NCBA Membership Committee. She has been named a 40 Under Forty by The Business Journal, a 2013 Legal Elite Young Guns Best Under 40 and a North Carolina Super Lawyers Rising Star.
Clara earned her B.S. in Biochemistry from North Carolina State University and went on to earn her J.D. from Wake Forest University. After law school, Clara clerked for the Honorable Judge Ben Tennille (retired) in the North Carolina Business Court.
Click here for more information about Clara.
Angela P. Doughty is an IP and Privacy attorney at Ward and Smith PA in New Bern. She also serves as the firm's Director of Legal Innovation. She is a North Carolina State Bar Board Specialist in Trademark Law and a Certified Information Privacy Professional- United States (CIPP/US).
Angela oversees several initiatives to optimize and increase the efficiency of the firm's legal services. In addition to adopting and executing practices, such as Legal Lean Sigma, Angela is responsible for moving the firm through the implementation of process improvement, design methodologies, and innovative technology.
In her IP practice, Angela routinely counsels and assists clients with identifying, protecting, enforcing, and managing their U.S. and international IP rights; trademark and service mark selection, clearance, and registration; opposition and cancellation proceedings before the U.S. Patent and Trademark Office; Internet and domain law issues; software development and licensing transactions; and negotiating the acquisition, licensing, and transfer of intellectual property rights. She has extensive experience with strategic planning and management of IP portfolios, including IP audits to assist clients with the identification of intellectual property assets and the related risks and opportunities.
Angela earned her B.S., summa cum laude, in Business Management - Logisitics and Operations from North Carolina State University, her J.D., from Campbell University Norman Adrian Wiggins School of Law and her M.B.A., from Campbell University Lundy-Fetterman School of Business.
Click here for more information about Angela.
Jay Exum leads Trust Office for Asurion, a global technology service and support company. The Asurion Trust Office manages data and privacy risks for Asurion through its privacy, data governance and audit and compliance arms, and supports Asurion's security and legal teams in driving compliance with privacy and security laws, including the GDPR, CCPA/CPRA, HIPAA and many others.
Prior to taking his current position at Asurion, Jay led privacy programs for three different companies in three different industries, including PRA Health Sciences, SAS Institute, and Toshiba Global Commerce Solutions.
In addition to his work in the private sector, Jay also served nearly 10 years as a prosecutor with the United States Department of Justice in the United States Attorney's Office for the Eastern District of North Carolina.
Jay holds degrees from the University of North Carolina at Chapel Hill in Economics and Psychology and is a graduate of Harvard Law School.
Click here for more information about Jay.
Roy Iversen is Chief Security Architect at Fortalice Solutions, where he assists clients with Offensive and Defensive Security.
Prior to joining Fortalice, Mr. Iversen served under the CISO as Director of Security Operations Division at the U.S. General Services Administration (GSA).
Click here for more information about Roy.
Elizabeth H. Johnson is a parnter at Wyrick Robbins Yates & Ponton LLP in Raleigh and is a member of Wyrick Robbins' Privacy & Data Security Practice Group, which she formerly led for 12 years. Her practice addresses all aspects of U.S. privacy and data security law, as well as GDPR and international data transfer mechanisms.
Elizabeth enjoys helping clients with compliance initiatives to address privacy and data security and has assisted with a wide variety of implementation projects including data subject rights portals, telehealth, health information exchanges, mobile applications ranging from wellness programs to ecommerce to gaming, precise location tracking, biometric authentication, and complex customer insights initiatives including fraud prevention. Elizabeth also supports all aspects of data breach preparation and response, including leading forensic investigations, advising on ransomware response, supporting notification to affected parties, coordinating with law enforcement, and handling government agency notifications and inquiries.
Elizabeth is a Privacy and Information Security Law Specialist with the North Carolina State Bar Board of Legal Specialization and a Certified Information Privacy Professional/United States (CIPP/US) with the International Association of Privacy Professionals.
Elizabeth received her B.A., magna cum laude, from Coe College as a Phi Beta Kappa graduate and her J.D., cum laude, from Duke University. She also received her Master of Environmental Management from Duke University Nicholas School of Earth and Environmental Sciences.
Click here for more information about Elizabeth.
Tom MacKenzie has worked with TCDI since 2005 and serves as Co-Lead of Privacy & Security Compliance. This role oversees data privacy and security compliance efforts and also serves as liaison to clients and prospective clients interested in TCDI's controls and approaches to data privacy and security.
Additionally, Tom provides cybersecurity clients with CISO related services including security assessments, policy and plan development, and employee education on security behavior best practices.
Tom is Black Belt trained in Lean Six Sigma and holds multiple International Association of Privacy Professionals (IAPP) information privacy certifications including CIPP/US, CIPP/E, and CIPM. Tom is also recognized by the IAPP as a Fellow in Information Privacy (FIP).
Additionally, Tom holds the Certified eDiscovery Specialist (CEDS) designation, a rigorous program of study and examination sponsored by the Association of Certified eDiscovery Specialists (ACEDS).
Click here for more information about Tom.
Molly F. Martinson is a member at Wyrick Robbins Yates & Ponton LLP in Raleigh and a member of the firm's Privacy & Data Security practice group. She advises clients on matters including data breach notification and compliance with state and federal laws that impact collection, storage, use, sharing, and protection of personal information, such as the California Consumer Privacy Act (CCPA), the California Privacy Rights Act (CPRA), the Fair Credit Reporting Act (FCRA), CAN-SPAM, the Children’s Online Privacy Protection Act (COPPA), laws regulating data brokers, and laws governing website and mobile application privacy policies.
Molly also counsels clients on a broad spectrum of HIPAA compliance-related matters, including assessing HIPAA applicability, drafting HIPAA policies and procedures, responding to data requests from the U.S. Department of Health and Human Services Office for Civil Rights, evaluating data breach notification obligations when protected health information is compromised, drafting and negotiating business associate agreements, training workforce members, and conducting HIPAA security assessments and risk analyses.
Molly is a member of the Privacy and Data Security Section of the North Carolina Bar Association, International Association of Privacy Professionals, North Carolina Tech Association and the Wake County Bar Association.
Molly earned her B.A., cum laude from Wake Forest University and her J.D., with honors, from UNC School of Law.
Click here for more information about Molly.
Peter N. McClelland is an in-house privacy counsel at CyberArk Software Inc in Burlington.
Before joining CyberArk, he performed roles as an attorney with Ward and Smith in Raleigh focused on Privacy, Data Security, & Technology issues and as the sole in-house attorney with a North Carolina cybersecurity startup, where he represented the company on the Department of Homeland Security's Cyber Supply Chain Risk Management Task Force in addition to offering legal counsel.
Peter earned his B.A. in Political Science and History with a minor in Hispanic Studies from the University of North Carolina at Chapel Hill and his J.D., magna cum laude, from Elon University School of Law.
Click here for more information about Peter.
Karin M. McGinnis is a member at Moore & Van Allen PLLC in Charlotte. She is the co-head of the firm's Privacy & Data Security, Employment & Labor and Litigation groups.
Well versed in employment, privacy, and general commercial litigation, Karin helps clients navigate a range of complex issues. In addition to employment and privacy matters, she has successfully litigated a wide range of matters, including lawsuits involving trade secret misappropriation, defamation, violations of noncompetition agreements, antitrust matters, breach of commercial contracts, fraudulent conveyances, unfair trade practices, and shareholder and corporate disputes.
Karin regularly counsels her clients on how to implement best practices to avoid legal pitfalls but is also their first line of defense when matters arise. She understands that ongoing technological advancement means that the law, especially privacy and employment laws, are constantly evolving and stays apprised of federal and state laws to ensure her clients are in compliance.
Karin earned her B.S. in English from East Carolina University and her J.D., with high honors, from the University of North Carolina at Chapel Hill.
Click here for more information about Karin.
Hayden McKaskle manages the relationships with privacy and data security attorneys across North America and the UK for Unit 42.
In his role, Hayden pulls together resources to rapidly respond and serve clients and outside counsel. Unit 42 is a cybersecurity consulting group that brings together world-class threat researchers and elite incident responders to protect enterprises and organizations against the latest cyberthreats.
Prior to joining Palo Alto Networks, Hayden was Managing Director of Channel Market Partners, a channel development and consulting company focused on data risk. He has decades of experience in IT services and security including time at IBM and Kroll and was formerly CEO of Emco Electronics Ltd. in the United Kingdom.
Hayden studied Economics at the University of Tennessee and lives in Nashville.
Click here for more information about Hayden.
Brian P. Oten is the Director for Ethics and Special Programs at the North Carolina State Bar.
Brian joined the State Bar's Office of Counsel in 2007 as deputy counsel and moved to his current role in 2018 where he serves as chief ethics counsel and director for the boards of legal specialization and paralegal certification.
Brian earned his B.A. from UNC-Chapel Hill and his J.D. from the UNC School of Law.
Click here for more information about Brian.
Lynn C. Percival IV leads the Privacy and Data Security Practice Group at Wyrick Robbins.
Lynn's experience includes representation of organizations in the retail, technology, financial, media, advertising, and health care sectors, among others.
Lynn advises clients on compliance with a multitude of privacy and data security laws, such as HIPAA, the Telephone Consumer Protection Act, the Gramm-Leach-Bliley Act, GDPR, and state privacy and data security laws, including the California Consumer Privacy Act, the California Privacy Rights Act, the Virginia Consumer Data Protection Act, and the Colorado Privacy Act.
Lynn helps clients establish compliance programs, respond to data breaches, and administer privacy and data security investigations and assessments.
Lynn has experience advising clients on compliance challenges posed by significant company initiatives such as digita therapeutics, behavioral advertising, location tracking, consumer-facing mobile payment initiatives, international data transfers, data analytics and aggregation services, data broker services, vendor management, and phone call, text message, and email outreach programs.
Click here for more information about Lynn.
Shannon B. Ralich holds the position of Associate General Counsel, Senior Director of Privacy, at Zendesk.
Shannon is a Board Certified Specialist in Privacy and Information Security Law by the North Carolina State Bar and is a Fellow of Information Privacy, Certified Information Privacy Manager, and Certified Information Privacy Professional (CIPP) E and US.
Shannon is Co-Chair of the International Data Privacy Committee of the Privacy and Data Security Section and Council Member of the Corporate Counsel Section of the North Carolina Bar Association, past Co-Chair of the CLE Committee of the Corporate Counsel Section of the North Carolina Bar Association, a Co-Founder of a STEM nonprofit organization, and past Triangle Business Journal 40 under 40 Leadership Award winner.
Shannon holds a J.D. from North Carolina Central University evening program and a Bachelor of Science from Nova Southeastern University.
Click here for more information about Shannon.