8:25 Registration and Continental Breakfast
8:55 Welcome and Introductions
9:00 Updates to Federal Agency Breach Notification Standards
Elizabeth H. Johnson, Wyrick Robbins Yates & Ponton LLP, Raleigh
This session covers the multiple federal agencies with new, revised or pending breach notification standards, including various federal banking regulators, the Securities and Exchange Commission, the Department of Homeland Security, and the Federal Trade Commission. The session also includes a discussion of when and how these new breach notification standards apply to businesses, what triggers the breach notification requirement, and relevant timing requirements.
10:10 Lessons Learned From Law Firm Data Breaches *‡
Steven W. "Will" Quick, Brooks Pierce McLendon Humphrey & Leonard LLP, Raleigh Uta M. Zacharias, Lawyers Mutual Liability Insurance Company of NC, Cary
Law firms collect and maintain a plethora of personal and confidential information about their clients. Time and again we read about law firms falling prey to spearfishing, ransomware, BEC and other similar scams. These and other cyberthreats are a particular concern to attorneys because of their confidentiality obligations and expectation of technical competence. This session explores lawyers' duties following a data breach and provides some useful tips to keep from ending up in the worst-case scenario.
11:20 Cryptocurrency ‡
Steven T. Snyder, Charlotte
Cryptocurrencies have become large, sometimes volatile markets that nonetheless have generated a degree of institutional support in the financial industry. This session examines the privacy and data security implications of cryptocurrencies and the technologies that underlie them for both users and financial institutions and some of the problems that lawyers need to grapple with as a result.
12:20 Lunch Break
12:30-1:10 | Increased Cyber Risks During World Conflict
Colonel John Popiak, Commander, U.S. Army Cyber Protection Brigade
This session does not provide MCLE credit.
1:20 Cybersecurity Framework for Lawyers ‡
Robert M. Botkin, Parker Poe Adams & Bernstein LLP, Raleigh Seth Cutler, Raleigh Sarah F. Hutchins, Parker Poe Adams & Bernstein LLP, Charlotte
This session provides an overview of various cybersecurity principles that data privacy and technology lawyers should know. The speakers review various security standards, with an emphasis on the NIST standards, as well as a brief overview of ISO 27001 and how a SOC II audit works, and provide practical perspectives on how these cybersecurity frameworks might influence privacy-related contracts or litigation matters.
2:30 Development of Corporate Data Protection Program
Katrina Church, Bioventus LLC, Durham Angela P. Doughty, Ward and Smith PA, New Bern Richard Peters, Berkeley Research Group (BRG), Houston, TX Amy R. Worley, Berkeley Research Group (BRG), Raleigh
An effective and successful data protection program cannot be built with just a knowledge of the relevant laws and how to comply with them; it also requires proactive strategies, persuasion, adaptability and an understanding of how an organization operates. This panel discusses practical approaches to developing and implementing an effective corporate data protection program.
3:40 What? Employees Have Privacy Rights Too?
Matthew A. Cordell, VF Corporation, Greensboro Karin M. McGinnis, Moore & Van Allen PLLC, Charlotte Sarah H. Negus, Moore & Van Allen PLLC, Charlotte
A lot of attention has been paid to the privacy rights of consumers and the obligations of businesses with respect to their customers, but businesses also have significant obligations with respect to the privacy of their own employees. The panelists discuss two of the thornier privacy issues facing U.S. employers — biometrics and compliance with the California Privacy Rights Act — and provide practical guidance for employers and the lawyers who advise them.
4:40 Adjourn * Indicates portion providing Ethics/Professional Responsibility credit ‡ Indicates portion providing Technology Training credit
It seems like only yesterday that the United States' privacy and data security legal regimes were a relatively light lift compared to those of the European Union and other parts of the world. Now, privacy and data security professionals are laboring under a bevy of new laws and regulations that signal an increased government interest in regulating businesses' collection, use and disclosure of individuals' personal information.
Robert M. Botkin
Robert M. Botkin is an associate at Parker Poe Adams & Bernstein LLP in Raleigh. He helps clients navigate data privacy and security issues across industries and assists with developing privacy policies, responding to security incidents, and implementing data governance programs. Additionally, he advises on emerging technology regulations, such as artificial intelligence and machine learning.
Robert is an IAPP Certified Information Privacy Technologist (CIPT), IAPP Certified Information Privacy Practitioner/ U.S. (CIPP/US), and Certified AWS Cloud Practitioner.
Prior to joining the firm, Robert was an associate at a large transatlantic law firm and an associate vice president of a bulge bracket bank's Legal Data Protection and Sourcing team.
Robert earned his B.S.,
cum laude, in Economics from Florida State University and his J.D. from Wake Forest University.
Outside of work, Robert serves on the advisory boards of Chabad Young Professionals of Raleigh and the Plant Era.
Click here for more information about Robert.
Tiffany M. Burba
Tiffany M. Burba is an associate at Parker Poe Adams & Bernstein LLP in Raleigh. She helps clients negotiate technology contracts and protect their intellectual property rights. She prioritizes understanding her clients' business goals and is skilled at drafting contracts to mitigate risk in pursuit of those goals.
Tiffany has particular experience at the intersection of intellectual property and technology, having drafted and negotiated over one thousand contracts involving cloud software, data sharing, cybersecurity consulting, and other areas. She has negotiated multi-million dollar deals with some of the country's prominent life sciences and software companies. Tiffany has experience on both sides of a technology transaction, simultaneously representing large institutional clients in their day-to-day IT procurement endeavors and independent cloud services companies in their revenue-generating licensing deals.
Outside of work, Tiffany can be found teaching a course on software licensing, technology, and data privacy at Campbell Law School or serving on the leadership council of the North Carolina Bar Association's Intellectual Property Section. She also maintains a robust pro bono practice and received the 2020 Younger Lawyer Pro Bono Award from the N.C. Bar Association.
Tiffany was named the 2022 Intellectual Property Section Member of the Year by the N.C. Bar Association. She has also been listed as one of Raleigh Magazine's "20 in their 20's."
Tiffany received her B.A. from The University of Maryland, her J.D. and M.S. in Finance from Vanderbilt University.
Click here for more information about Tiffany.
Katrina Church is the Chief Compliance Officer of Bioventus LLC in Durham where she is responsible for all ethics and compliance functions at the company.
Prior to joining Bioventus, Katrina spent nearly 11 years with the Merz Group of companies where she served in several corporate counsel and compliance roles, most recently as Global Compliance Officer for Merz Pharma GmbH & Co KGaA. In 2020, Church was nominated for several industry awards for compliance training, and won the 2020 Women in Compliance Award for "Most Impactful Compliance Training Programme of the Year."
Previously, she was Executive Vice President and General Counsel of Connetics Corporation, a medical dermatology company that was acquired by Stiefel in 2008. Prior to her career with Stiefel, she served as general counsel of VISX, Inc., a medical device company that pioneered the vision treatment known as LASIK. She began her career as an attorney at Hopkins & Carley, a San Jose-based law firm.
Katrina earned her A.B.,
magna cum laude, in Comparative Literature from Duke University and her J.D. from New York University School of Law.
Click here for more information about Katrina.
Matthew A. Cordell
Matthew A. Cordell is the Vice President and General Counsel for Privacy and Technology at VF Corporation in Greensboro.
Matt is the founder and Chair of the Privacy and Data Security Specialization Committee of the NC State Bar. He holds several IAPP certifications: CIPP/US, CIPP/E, CIPP/Canada, and CIPM. He is an IAPP and ABA certified Privacy Law Specialist (PLS), and an IAPP Fellow of Information Privacy (FIP).
Matt earned his B.B.A.,
summa cum laude, majoring in Trust and Investment Management and minoring in Financial Planning from Campbell University, his M.B.A., with distinction, from Lundy-Fetterman School of Business and his J.D., with honors, from the University of North Carolina School of Law.
Click here for more information about Matthew.
Seth Cutler is with Innovaccer in Raleigh. Seth was formerly the Vice President & Chief Information Security Officer (CISO) at NetApp in Research Triangle Park (RTP) where he was responsible for the overall security strategy and execution, global information protection and enterprise on-prem and cloud security programs.
Seth earned his B.A. in Business Administration and Finance & Management Information Systems from the University at Albany, SUNY. He completed the Accelerated Leadership Program at UNC Kenan-Flagler Business School and the Executive Management Program at Duke University Fuqua School of Business.
Click here for more information about Seth.
Angela P. Doughty
Angela P. Doughty is an IP and Privacy attorney at Ward and Smith PA in New Bern. She also serves as the firm's Director of Legal Innovation. She is a North Carolina State Bar Board Specialist in Trademark Law and a Certified Information Privacy Professional- United States (CIPP/US).
Angela oversees several initiatives to optimize and increase the efficiency of the firm's legal services. In addition to adopting and executing practices, such as Legal Lean Sigma, Angela is responsible for moving the firm through the implementation of process improvement, design methodologies, and innovative technology.
In her IP practice, Angela routinely counsels and assists clients with identifying, protecting, enforcing, and managing their U.S. and international IP rights; trademark and service mark selection, clearance, and registration; opposition and cancellation proceedings before the U.S. Patent and Trademark Office; Internet and domain law issues; software development and licensing transactions; and negotiating the acquisition, licensing, and transfer of intellectual property rights. She has extensive experience with strategic planning and management of IP portfolios, including IP audits to assist clients with the identification of intellectual property assets and the related risks and opportunities.
Angela earned her B.S.,
summa cum laude, in Business Management - Logisitics and Operations from North Carolina State University, her J.D., from Campbell University Norman Adrian Wiggins School of Law and her M.B.A., from Campbell University Lundy-Fetterman School of Business.
Click here for more information about Angela.
Sarah F. Hutchins
Sarah F. Hutchins is a partner at Parker Poe Adams & Bernstein LLP in Charlotte. She leads the firm's Cybersecurity & Data Privacy Team, serves as the head of the firm's Recruiting Committee and is a member of Parker Poe's Professional Review Committee and its Security Team. She is certified as a legal specialist in privacy and information security law by the North Carolina State Bar.
Sarah helps clients navigate business litigation, government investigations, and data privacy and cybersecurity. She has significant experience representing clients in business disputes, including over noncompetition and non-solicitation agreements, trade secret misappropriation, and unfair and deceptive trade practices. Her deep understanding of the digital aspects of business litigation allows her to assist clients in quickly identifying a digital trail and isolating key material.
Sarah also has extensive experience in large-scale government investigations featuring the U.S. Department of Justice, the Securities and Exchange Commission, the Federal Trade Commission, and the Consumer Financial Protection Bureau, among other regulators. A seasoned litigator, she is admitted to practice before state and federal courts in North Carolina and Virginia, the Fourth Circuit Court of Appeals, the U.S. District Court for the District of Columbia, and the District of Columbia Court of Appeals.
Sarah earned her B.A.,
cum laude, in Political Science, Public Policy and Economics from Vanderbilt University and her J.D. from William & Mary Law School.
Click here for more information about Sarah.
Elizabeth H. Johnson
Elizabeth H. Johnson is a parnter at Wyrick Robbins Yates & Ponton LLP in Raleigh and is a member of Wyrick Robbins' Privacy & Data Security Practice Group, which she formerly led for 12 years. Her practice addresses all aspects of U.S. privacy and data security law, as well as GDPR and international data transfer mechanisms.
Elizabeth enjoys helping clients with compliance initiatives to address privacy and data security and has assisted with a wide variety of implementation projects including data subject rights portals, telehealth, health information exchanges, mobile applications ranging from wellness programs to ecommerce to gaming, precise location tracking, biometric authentication, and complex customer insights initiatives including fraud prevention. Elizabeth also supports all aspects of data breach preparation and response, including leading forensic investigations, advising on ransomware response, supporting notification to affected parties, coordinating with law enforcement, and handling government agency notifications and inquiries.
Elizabeth is a Privacy and Information Security Law Specialist with the North Carolina State Bar Board of Legal Specialization and a Certified Information Privacy Professional/United States (CIPP/US) with the International Association of Privacy Professionals.
Elizabeth received her B.A.,
magna cum laude, from Coe College as a Phi Beta Kappa graduate and her J.D., cum laude, from Duke University. She also received her Master of Environmental Management from Duke University Nicholas School of Earth and Environmental Sciences.
Click here for more information about Elizabeth.
Molly F. Martinson
Molly F. Martinson is a member at Wyrick Robbins Yates & Ponton LLP in Raleigh and a member of the firm's Privacy & Data Security practice group. She advises clients on matters including data breach notification and compliance with state and federal laws that impact collection, storage, use, sharing, and protection of personal information, such as the California Consumer Privacy Act (CCPA), the California Privacy Rights Act (CPRA), the Fair Credit Reporting Act (FCRA), CAN-SPAM, the Children’s Online Privacy Protection Act (COPPA), laws regulating data brokers, and laws governing website and mobile application privacy policies.
Molly also counsels clients on a broad spectrum of HIPAA compliance-related matters, including assessing HIPAA applicability, drafting HIPAA policies and procedures, responding to data requests from the U.S. Department of Health and Human Services Office for Civil Rights, evaluating data breach notification obligations when protected health information is compromised, drafting and negotiating business associate agreements, training workforce members, and conducting HIPAA security assessments and risk analyses.
Molly is a member of the Privacy and Data Security Section of the North Carolina Bar Association, International Association of Privacy Professionals, North Carolina Tech Association and the Wake County Bar Association.
Molly received her B.A.,
cum laude from Wake Forest University and her J.D., with honors, from UNC School of Law.
Click here for more information about Molly.
Peter N. McClelland
Peter N. McClelland is an in-house privacy counsel at CyberArk Software Inc in Burlington.
Before joining CyberArk, he performed roles as an attorney with Ward and Smith in Raleigh focused on Privacy, Data Security, & Technology issues and as the sole in-house attorney with a North Carolina cybersecurity startup, where he represented the company on the Department of Homeland Security's Cyber Supply Chain Risk Management Task Force in addition to offering legal counsel.
Peter earned his B.A. in Political Science and History with a minor in Hispanic Studies from the University of North Carolina at Chapel Hill and his J.D.,
magna cum laude, from Elon University School of Law.
Click here for more information about Peter.
Karin M. McGinnis
Karin M. McGinnis is a member at Moore & Van Allen PLLC in Charlotte. She is the co-head of the firm's Privacy & Data Security, Employment & Labor and Litigation groups.
Well versed in employment, privacy, and general commercial litigation, Karin helps clients navigate a range of complex issues. In addition to employment and privacy matters, she has successfully litigated a wide range of matters, including lawsuits involving trade secret misappropriation, defamation, violations of noncompetition agreements, antitrust matters, breach of commercial contracts, fraudulent conveyances, unfair trade practices, and shareholder and corporate disputes.
Karin regularly counsels her clients on how to implement best practices to avoid legal pitfalls but is also their first line of defense when matters arise. She understands that ongoing technological advancement means that the law, especially privacy and employment laws, are constantly evolving and stays apprised of federal and state laws to ensure her clients are in compliance.
Karin earned her B.S. in English from East Carolina University and her J.D., with high honors, from the University of North Carolina at Chapel Hill.
Click here for more information about Karin.
Matthew Meinel is a Data Protection & Privacy Managing Consultant at Berkeley Research Group (BRG) in Raleigh. He is a compliance consultant focusing on data privacy and information governance. He leverages his legal training and prior IT consulting experience to provide companies with practical, risk-based implementation solutions for privacy and records management programs.
Matt has experience with clients across multiple industries, including life sciences, manufacturing, eCommerce, and financial services. He holds CIPP-US and CIPP-E certifications from the International Association of Privacy Professionals (IAPP) and serves in several leadership positions with the Raleigh-Durham IAPP chapter and the N.C. Bar Association's Privacy & Data Security Section.
Matt earned his B.A., with honors, in History and Political Science with a minor in Computer Science from Vanderbilt University and his J.D., with honors, from the University of North Carolina School of Law.
Click here for more information about Matt.
Sarah H. Negus
Sarah H. Negus is an attorney member at Moore & Van Allen PLLC in Charlotte. She concentrates her practice in all areas of employment law. She has broad experience in discrimination and retaliation claims under Title VII of the Civil Rights Act, the Age Discrimination in Employment Act, the Americans with Disabilities Act, as well as state and federal wage and hour matters.
Sarah regularly defends employers before federal and state administrative agencies, including the Equal Employment Opportunity Commission and the North Carolina and U.S. Departments of Labor. She also has extensive experience in trade secret litigation, including seeking injunctive and equitable relief related to restrictive covenants, tortious interference, and misappropriation of trade secrets claims.
Sarah also regularly counsels clients on a full range of labor and employment issues, including employee discipline, leave issues, termination, harassment and discrimination investigations, handbook development and revisions, employment agreements, and restrictive covenants.
Sarah earned her B.A.,
magna cum laude, in Political Science from Clemson University and her J.D. from Wake Forest University School of Law.
Click here for more information about Sarah.
Richard Peters is a managing director at Berkeley Research Group (BRG) in Houston, TX. He delivers cybersecurity capabilities to clients in the U.S. and globally. He brings over twenty years of experience managing, performing, and delivering information technology (IT) security solutions. His specialties include technology risk management, IT auditing, cybersecurity assessments, crypto/decentralized finance (DeFi) security, attack-and-penetration testing services, and security analysis across a variety of industries and sectors.
Richard has considerable experience within the information security and cybersecurity assessment space. He speaks frequently at major security conventions around the country. In addition, he has taught information security as an adjunct professor at the University of Houston.
Richard brings vast experience in designing, assessing, and testing against multiple security standards and frameworks, including ISO 27000, Payment Card Industry Data Security Standard (PCI DSS), COBIT, and the National Institute of Standards and Technology (NIST). He also has knowledge of and background in client/server environments, mainframes, and databases, as well as application and hardware experience.
Richard has a thorough understanding of PCI compliance management, providing PCI-related services for over fifteen years, including PCI DSS assessments, PA DSS assessments, and ASV services. With his varied background and experience in client service, he can bridge the gap between executive leadership and technical teams regarding corporate strategies and programs for information security and acceptable levels of risk.
Richard earned his B.B.A in Finance from The University of Texas at Austin.
Click here for more information about Richard.
Steven W. "Will" Quick
Steven W. "Will" Quick is a partner at Brooks Pierce McLendon Humphrey & Leonard LLP in Raleigh. He has a diverse litigation and regulatory practice, representing businesses and local governments in trial and appellate matters and before state agencies in North and South Carolina. He also advises clients on the design and implementation of privacy compliance programs and assists data breach victims with their response and notification obligations.
Will assists businesses of all types with assessing regulatory obligations and developing privacy compliance programs to meet them. He also helps companies experiencing cybersecurity incidents with the investigation, response and notification process, often coordinating efforts across multiple states.
Will is a Certified Information Privacy Professional (CIPP/US), and a Board Certified Specialist in Privacy and Information Security Law by the North Carolina State Bar Board of Legal Specialization.
Will earned his B.A.,
magna cum laude, and M.B.A. from North Carolina State University and his J.D., with honors, from the University of North Carolina School of Law.
Click here for more information about Will.
Steven T. Snyder
Steven T. Snyder is with Moody's in Charlotte. He is a board certified specialist in Privacy and Information Security and has been educating on crypto and blockchain since well before it was a mainstream topic. He presented on Blockchain Technology at the Annual Meeting back in 2018 and his January 2019 Law 360 article "The Privacy Questions Raised by Blockchain" was one of the very first comprehensive legal analysis of the topic.
Steve has guest lectured on crypto at Wake Forest School of Law and Duke Law School and continued to speak and write on Blockchain, Crypto and "Web3." He was recently called "one of the best Web3 thought leaders and pioneering crypto commentators on the planet" by the Former Chief of the Office of Internet Enforcement at the SEC.
Steve earned his B.S. in Civil Engineering (elective concentration in structures) and M.S. in Structural Engineering from Lehigh University and his J.D., with honors, from New York University School of Law.
Click here for more information about Steve.
Amy R. Worley
Amy R. Worley is Managing Director at Berkeley Research Group (BRG) in Raleigh. She has almost twenty years of experience helping companies across industries build and implement programs that unlock and protect the power of information as a competitive advantage through strategic information governance, privacy-by-design, trade secret and commercially sensitive information identification and classification, data loss prevention, data and business process mapping and risk analyses, strategic data analytics, and IT contracting. She has deep industry experience building effective and sustainable multinational privacy and records management programs from gap identification through audit and ongoing program management.
Amy holds a J.D., as well as CIPP/US, CIPP/E, and CIPM certifications from the International Association of Privacy Professionals (IAPP). She is also a Fellow of Information Privacy with the IAPP. She graduated
summa cum laude from Mercer University and was named the "Outstanding Graduate with a degree in English." Thereafter, she became the first George W. Woodruff Scholar at the Mercer University School of Law. She graduated from law school as the editor of the Eleventh Circuit Survey of the Mercer Law Review and the valedictorian of her class.
Click here for more information about Amy.
Uta Marie Zacharias
Uta Marie Zacharias is a Senior Claims Counsel with Lawyers Mutual Liability Insurance Company of NC in Cary. Prior to joining Lawyers Mutual, Uta worked as Senior Subrogation Counsel at Investors Title Insurance Company since 2010. She came to Investors Title from LandAmerica in Richmond, VA, where she served six years as Associate Claims Counsel.
Uta also practiced for several years in law firms in Charlotte and Richmond, VA, where she focused on real estate, general business transactional matters, employment and immigration law.
Uta is licensed in North Carolina and Virginia. She is a member of the Wake County Real Property Lawyers Association.
Uta received her B.S. from Clemson University and her J.D. from Loyola University New Orleans College of Law.
Click here for more information about Uta.
If you did not attend this program in its entirety, please fill out a
to ensure that we report your credit accurately.
partial credit form
Please send your completed form to
within seven days of this program.
As an attendee at this CLE program, your feedback is important.
to fill out the program evaluation.
to view Forms and CLE Policies, Terms and Conditions. Click here
If paying by check,
for a printable registration form. Please reference the in-person live program code click here 200PDS.