8:25 Registration and Continental Breakfast
8:55 Welcome and Introductions
9:00 Overview of State Comprehensive Privacy Laws in the U.S.
Matthew A. Cordell, VF Corporation, Greensboro Molly F. Martinson, Wyrick Robbins Yates & Ponton LLP, Raleigh
California laid the groundwork for comprehensive state privacy laws with the passage of the California Consumer Privacy Act (CCPA) in 2018. Since then, the number of comprehensive privacy laws introduced in state legislatures has grown every year, with close to a dozen (and counting) state privacy laws currently in effect. This session provides an overview of the current comprehensive state privacy laws, draws comparisons and notes distinctions between those laws, and offers helpful practical guidance on how to interpret and operationalize their requirements.
10:10 Fortune Cookies: Predicting Privacy Challenges for Targeted Advertising ‡
Laura Chipman, Bandwidth, Raleigh Sean W. Fernandes, Wyrick Robbins Yates & Ponton LLP, Raleigh Meg E. Mericle, Axios, Raleigh
Harmonizing privacy requirements while retaining the utility of digital advertising for clients and businesses often feels like a balancing act. During this session, panelists provide their perspectives on navigating the digital advertising ecosystem and offer suggestions for the use of digital advertising in light of increasing scrutiny and regulation.
11:20 Privacy and Data Security Litigation Trends
David K. Lietz, Milberg Coleman Bryson Phillips Grossman, Washington, D.C. Steven W. "Will" Quick, Brooks Pierce McLendon Humphrey & Leonard LLP, Raleigh
This panel focuses on recent developments in and the increasing likelihood of data breach, data privacy, and data security cases, including class-action suit claims arising under federal consumer protection statutes and the bevy of recently adopted comprehensive state-level consumer privacy laws. From both the plaintiff and defense sides, the panel includes perspectives on recent trends and strategies in data privacy and data security litigation, potential for data-breach class actions, recent high-profile settlements, and more.
12:20 Lunch Break
1:20 Privacy Across the Pond: EU Enforcement Trends and Legislative Updates
Amy R. Worley, Berkeley Research Group (BRG), Raleigh
Hear a DPO's perspective on recent regulatory actions and judicial decisions under the GDPR, including practical advice on the new Data Privacy Framework.
2:30 Data Vendor Life Cycle: From Due Diligence to Transition Services
Taylor Ey, Womble Bond Dickinson (US) LLP, Research Triangle Park/Durham Kathryn Helin, Snyk, Raleigh Lauren Page, Calendly, Wilmington
This panel discusses common considerations when working with data vendors. Hear customer and vendor perspectives about outsourcing data processing, from the beginning of the potential relationship to the end of the relationship. The panel explores topics such as vendor due diligence, risk management, negotiating data terms in vendor contracts, customer-vendor relationship management, operationalizing consumer data rights, exercising audit rights, and transition services.
3:40 Artificial Intelligence, Real Practice *‡
Jeffrey M. Kelly, Nelson Mullins Riley & Scarborough LLP, Raleigh Brian Oten, North Carolina State Bar, Raleigh
What is AI, and how exactly does it fit in with a legal practice? Am I violating the Rules of Professional Conduct if I use AI to accomplish my client's goals? This session provides an overview of the current state of artificial intelligence and its integration into the legal profession while considering the ethical implications of a lawyer's employment of artificial intelligence.
4:40 Adjourn * Indicates portion providing Ethics/Professional Responsibility credit ‡ Indicates portion providing Technology Training credit
This CLE brings attendees up to date on the latest developments in privacy laws, provides information on the current privacy regulatory and litigation landscape, and offers practical insights on managing risks associated with the collection, use and disclosure of individuals' personal information.
Tiffany M. Burba
Tiffany M. Burba is an associate at Parker Poe Adams & Bernstein LLP in Raleigh. She helps clients negotiate technology contracts and protect their intellectual property rights. She prioritizes understanding her clients' business goals and is skilled at drafting contracts to mitigate risk in pursuit of those goals.
Tiffany has particular experience at the intersection of intellectual property and technology, having drafted and negotiated over one thousand contracts involving cloud software, data sharing, cybersecurity consulting, and other areas. She has negotiated multi-million dollar deals with some of the country's prominent life sciences and software companies. Tiffany has experience on both sides of a technology transaction, simultaneously representing large institutional clients in their day-to-day IT procurement endeavors and independent cloud services companies in their revenue-generating licensing deals.
Outside of work, Tiffany can be found teaching a course on software licensing, technology, and data privacy at Campbell Law School or serving on the leadership council of the North Carolina Bar Association's Intellectual Property Section. She also maintains a robust pro bono practice and received the 2020 Younger Lawyer Pro Bono Award from the N.C. Bar Association.
Tiffany was named the 2022 Intellectual Property Section Member of the Year by the N.C. Bar Association. She has also been listed as one of Raleigh Magazine's "20 in their 20's."
Tiffany earned her B.A. from The University of Maryland, her J.D. and M.S. in Finance from Vanderbilt University.
Click here for more information about Tiffany.
Laura Chipman is VP & Deputy General Counsel - Privacy and Marketing at Bandwidth in Raleigh. She leads the company's global privacy program with an emphasis on creating a culture of accountability, transparency, and stewardship with practical and relevant advice to stakeholders across the organization. She supports privacy by design in major product and development initiatives including cloud-based infrastructure, global network design, and integrations with AI tools. She also supports the Marketing organization with content review, strategy, sponsorship and endorsement, and privacy.
Laura is also coach and founder of
Laura Chipman LLC, She coachs women lawyers to live and practice intentionally working towards a joyful life and law practice.
Laura earned her B.A. in English and Art History from the University of North Carolina at Chapel Hill and her J.D. from the University of North Carolina School of Law.
Click here for more information about Laura.
Matthew A. Cordell
Matthew A. Cordell is the Vice President and General Counsel for Privacy and Technology at VF Corporation in Greensboro.
Matt is the founder and Chair of the Privacy and Data Security Specialization Committee of the NC State Bar. He holds several IAPP certifications: CIPP/US, CIPP/E, CIPP/Canada, and CIPM. He is an IAPP and ABA certified Privacy Law Specialist (PLS), and an IAPP Fellow of Information Privacy (FIP).
Matt earned his B.B.A.,
summa cum laude, majoring in Trust and Investment Management and minoring in Financial Planning from Campbell University, his M.B.A., with distinction, from Lundy-Fetterman School of Business and his J.D., with honors, from the University of North Carolina School of Law.
Click here for more information about Matthew.
Angela P. Doughty
Angela P. Doughty is an IP and Privacy attorney at Ward and Smith PA in New Bern. She also serves as the firm's Director of Legal Innovation. She is a North Carolina State Bar Board Specialist in Trademark Law and a Certified Information Privacy Professional- United States (CIPP/US).
Angela oversees several initiatives to optimize and increase the efficiency of the firm's legal services. In addition to adopting and executing practices, such as Legal Lean Sigma, Angela is responsible for moving the firm through the implementation of process improvement, design methodologies, and innovative technology.
In her IP practice, Angela routinely counsels and assists clients with identifying, protecting, enforcing, and managing their U.S. and international IP rights; trademark and service mark selection, clearance, and registration; opposition and cancellation proceedings before the U.S. Patent and Trademark Office; Internet and domain law issues; software development and licensing transactions; and negotiating the acquisition, licensing, and transfer of intellectual property rights. She has extensive experience with strategic planning and management of IP portfolios, including IP audits to assist clients with the identification of intellectual property assets and the related risks and opportunities.
Angela earned her B.S.,
summa cum laude, in Business Management - Logisitics and Operations from North Carolina State University, her J.D., from Campbell University Norman Adrian Wiggins School of Law and her M.B.A., from Campbell University Lundy-Fetterman School of Business.
Click here for more information about Angela.
Taylor Ey is an associate at Womble Bond Dickinson (US) LLP in Research Triangle Park/Durham. She focuses her practice on advising clients on privacy and data security matters that overlap with consumer protection laws in digital advertising and marketing, and as a transactional attorney where companies are seeking to in-license or out-license intellectual property rights in software, data, technology (including patented or copyrighted technology), or related to a strategic branding opportunity and trademark rights.
Taylor brings in the technical teams to the conversation and uses her engineering background to help translate across business, technical and legal teams to identify solutions. She works on multidisciplinary teams to quantify and manage risk related to a data use case such as adding third-party advertising pixels to the business website and adopting biometric or artificial intelligence tools for the workforce or in a consumer-facing application. She regularly supports teams designing web-based and app-based consumer experiences to market the company's products and services and build brand loyalty. Taylor works on the customer-side and service provider side to negotiate vendor data arrangements supporting website, mobile app and other consumer marketing objectives. She also advises clients on breach notification response procedures under US federal and state law, and US-based clients on their collection and use of personal information, including implications under international laws, such as the European Union's General Data Protection Regulation. She is also recognized by the International Association of Privacy Professionals (IAPP) as a certified information privacy professional for the U.S. and Europe.
Taylor's approach to client counseling is informed by her in-house experience as a long-time secondee at several firm clients. Taylor has served as a secondee on commercial legal teams and privacy legal teams while at Womble, working with the following types of clients: a multinational consumer packaged goods company, an international biotechnology company (supporting the agriculture technology team), and a global apparel and footwear company.
Taylor earned her B.S.,
cum laude, and M.S. in Biomedical Engineering, from The Ohio State University and her J.D., cum laude, from Wake Forest University School of Law.
Click here for more information about Taylor.
Sean W. Fernandes
Sean W. Fernandes is an attorney with Wyrick Robbins Yates & Ponton LLP in Raleigh, and a member of the firm's Privacy & Data Security practice group. He counsels clients on legal requirements regarding privacy, data security, and data protection applicable to their businesses. He has experience with a variety of federal, state, and foreign privacy and data security laws and regulations, including biometric privacy laws such as the Illinois Biometric Information Privacy Act (BIPA), the California Consumer Privacy Act of 2018 (CCPA) and California Privacy Rights Act (CPRA), CAN-SPAM, the Colorado Privacy Act (CPA), Connecticut's Act Concerning Personal Data Privacy and Online Monitoring, the EU ePrivacy Directive and General Data Protection Regulation (GDPR), the Fair Credit Reporting Act (FCRA), the Federal Educational Rights and Privacy Act (FERPA), the Gramm-Leach-Bliley Act (GLBA), HIPAA, state data breach notification laws, the Stored Communications Act, the Video Privacy Protection Act (VPPA), the Utah Consumer Privacy Act (UCPA), the Virginia Consumer Data Protection Act (CDPA), and the Wiretap Act.
Sean has significant experience guiding clients through responses to security incidents and data breaches, including responses to regulatory investigations into data breaches, drafting privacy policies and notices, creating and advising on the administration of privacy and security compliance programs, drafting and negotiating privacy and security contracts, and advising on privacy and data security issues in M&A transactions.
Sean frequently writes on privacy, data security, and data protection matters on the firm's
privacy law blog.
Sean is a Board Certified Specialist in Privacy and Information Security Law and holds a CIPP/US certification from the International Association of Privacy Professionals (IAPP).
Sean earned his B.A. in Anthropology, with honors and distinction, from the University of North Carolina at Chapel Hill and his J.D. from the University of Chicago Law School, where he was a Victor McQuistion scholar.
Click here for more information about Sean.
Kathryn "Kate" Helin
Kathryn "Kate" Helin is Lead Counsel, Privacy at Snyk in Raleigh. She brings her strategic thinking and business acumen to her approach as in-house counsel, working to identify and manage legal risks while meeting business needs in fast paced environment. She has supported businesses in technology counsel and compliance roles, including serving as data protection officer.
Kate earned her B.A. in Political Science and Women's and Gender Studies from American University and her J.D. from Wake Forest University School of Law.
Click here for more information about Kate.
Jeffrey M. "Jeff" Kelly
Jeffrey M. "Jeff" Kelly is a Partner at Nelson Mullins Riley & Scarborough LLP in Raleigh. He focuses his practice in areas of emerging technology, particularly in areas involving data analytics, digital assets, and FinTech. He works closely with entrepreneurs and companies to effectively navigate changing regulations, government investigations, and complex corporate and securities law challenges protecting trade secrets, including the North Carolina Business Court, the U.S. Securities and Exchange Commission (SEC), and federal courts.
Jeff serves in several leadership positions at the intersection of law, technology, and increasing access to justice. He currently serves on the Governing Council of the American Bar Association's Center for Innovation and is the Past Chair of the North Carolina Bar Association's Future of Law Committee, both of which are charged with tracking, analyzing, and contextualizing the impact of leading edge technology on the practice of law and delivery of legal services. He is also a Fellow of Duke University School of Law's Center on Law and Technology. He is the Chair of the Advisory Board for Legal Aid of North Carolina's Innovation Lab and serves on Legal Aid's Board of Directors.
Jeff earned his B.A. in Philosophy from North Carolina State University and his J.D. from Campbell University Norman Adrian Wiggins School of Law.
Click here for more information about Jeff.
David K. Lietz
David K. Lietz is a partner at Milberg Coleman Bryson Phillips Grossman in Washington, D.C. His practice concentrates on complex civil litigation and consumer class actions, with a particular emphasis on data breach and cybersecurity cases.
Since 2020, David has filed over 100 data breach class action lawsuits, successfully briefing and arguing dozens of motions to dismiss. He serves as lead counsel on multiple cases that are on the cutting edge of Article III federal court jurisdiction in data breach litigation. He has been named class counsel in dozens of data breach class actions, winning millions of dollars in compensation for the victims of data breaches. He has successfully tried consumer class actions to verdict before a jury, most recently in
Baez v. LTD Financial Services in the US District Court for the Middle District of Florida.
For his substantial efforts in advancing the state of the law in data breach and cyber-security litigation, in April of 2022, David was named to Law360's 2022 Cybersecurity & Privacy Editorial Board. This twelve person editorial board includes some of the most accomplished attorneys in the country in the cybersecurity and data breach legal field.
David earned his B.A.,
cum laude, from Luther College and his J.D. from Georgetown University Law Center.
Click here for more information about David.
Molly F. Martinson
Molly F. Martinson is a member at Wyrick Robbins Yates & Ponton LLP in Raleigh and a member of the firm's Privacy & Data Security practice group. She advises clients on matters including data breach notification and compliance with state and federal laws that impact collection, storage, use, sharing, and protection of personal information, such as the California Consumer Privacy Act (CCPA), the California Privacy Rights Act (CPRA), the Fair Credit Reporting Act (FCRA), CAN-SPAM, the Children’s Online Privacy Protection Act (COPPA), laws regulating data brokers, and laws governing website and mobile application privacy policies.
Molly also counsels clients on a broad spectrum of HIPAA compliance-related matters, including assessing HIPAA applicability, drafting HIPAA policies and procedures, responding to data requests from the U.S. Department of Health and Human Services Office for Civil Rights, evaluating data breach notification obligations when protected health information is compromised, drafting and negotiating business associate agreements, training workforce members, and conducting HIPAA security assessments and risk analyses.
Molly is a member of the Privacy and Data Security Section of the North Carolina Bar Association, International Association of Privacy Professionals, North Carolina Tech Association and the Wake County Bar Association.
Molly earned her B.A.,
cum laude from Wake Forest University and her J.D., with honors, from UNC School of Law.
Click here for more information about Molly.
Matthew Meinel is a Data Protection & Privacy Managing Consultant at Berkeley Research Group (BRG) in Raleigh. He is a compliance consultant focusing on data privacy and information governance. He leverages his legal training and prior IT consulting experience to provide companies with practical, risk-based implementation solutions for privacy and records management programs.
Matt has experience with clients across multiple industries, including life sciences, manufacturing, eCommerce, and financial services. He holds CIPP-US and CIPP-E certifications from the International Association of Privacy Professionals (IAPP) and serves in several leadership positions with the Raleigh-Durham IAPP chapter and the N.C. Bar Association's Privacy & Data Security Section.
Matt earned his B.A., with honors, in History and Political Science with a minor in Computer Science from Vanderbilt University and his J.D., with honors, from the University of North Carolina School of Law.
Click here for more information about Matt.
Meg E. Mericle
Meg E. Mericle is Senior Counsel, Commercial Privacy and Product at Axios in Raleigh. Axios is a digital news company founded in 2016.
Meg previously served as Corporate Counsel for the legacy news publisher McClatchy, which owns the Raleigh News and Observer and 29 other local newspapers.
Meg earned her B.A.,
summa cum laude, in Sociology and Spanish from the University of North Carolina Asheville, her M.A. in Strategic Communications from UNC School of Media and Journalism and her J.D. from the University of North Carolina School of Law.
Click here for more information about Meg.
Brian P. Oten
Brian P. Oten is the Director for Ethics and Special Programs at the North Carolina State Bar.
Brian joined the State Bar's Office of Counsel in 2007 as deputy counsel and moved to his current role in 2018 where he serves as chief ethics counsel and director for the boards of legal specialization and paralegal certification.
Brian earned his B.A. from UNC-Chapel Hill and his J.D. from the UNC School of Law.
Click here for more information about Brian.
Lauren Page is Assistant General Counsel, Privacy and Product at Calendly in Wilmington. She focuses on Calendly's compliance with applicable data privacy laws and frameworks, growing Calendly's data governance program, and product counseling. She work cross-functionally to support all teams in the company with their data use and privacy compliance issues. Her team oversees data privacy and governance documentation (data processing addenda, other agreements, policies, processes, notices, records of processing, assessments), product counseling, responsible and legal data use practices, fulfilling responsibilities to data subjects, putting internal data governance systems and controls in place, and providing company training and education.
Lauren earned her B.A. in History from the University of Richmond and her J.D. from Duke University School of Law.
Click here for more information about Lauren.
Steven W. "Will" Quick
Steven W. "Will" Quick is a partner at Brooks Pierce McLendon Humphrey & Leonard LLP in Raleigh. He has a diverse litigation and regulatory practice, representing businesses and local governments in trial and appellate matters and before state agencies in North and South Carolina. He also advises clients on the design and implementation of privacy compliance programs and assists data breach victims with their response and notification obligations.
Will assists businesses of all types with assessing regulatory obligations and developing privacy compliance programs to meet them. He also helps companies experiencing cybersecurity incidents with the investigation, response and notification process, often coordinating efforts across multiple states.
Will is a Certified Information Privacy Professional (CIPP/US), and a Board Certified Specialist in Privacy and Information Security Law by the North Carolina State Bar Board of Legal Specialization.
Will earned his B.A.,
magna cum laude, and M.B.A. from North Carolina State University and his J.D., with honors, from the University of North Carolina School of Law.
Click here for more information about Will.
Mayukh Sircar is a cybersecurity, data privacy & technology attorney with Ward and Smith P.A. in Raleigh. He is a Certified Information Privacy Professional-United States (CIPP/US) who utilizes his keen insights and practical knowledge of privacy and data security law to help clients turn cybersecurity risks into manageable business opportunities. He advises businesses in various industries on developing privacy protection practices, such as the legal requirements and risks associated with the collection, storage, transfer, use, protection, and data disposal. He also counsels clients on structuring and operationalizing privacy compliance programs, data breach response and planning, contract and vendor management, and licensing and technology transactions.
Mayukh provides clients with comprehensive coverage of local, state, federal, and international laws governing privacy and data security, including the Health Insurance Portability Accountability Act (HIPAA), General Data Protection Regulation (GDPR), Gramm–Leach–Bliley Act (GLBA), California Consumer Privacy Act (CCPA), and California Privacy Rights Act (CPRA).
Mayukh earned his B.S. from the University of North Carolina at Chapel Hill, his M.S. in Physiology and Biophysics from Georgetown University School of Medicine and his J.D. from the University of North Carolina School of Law.
Click here for more information about Mayukh.
Lauren Watson is a privacy & data security attorney with Wyrick Robbins Yates & Ponton LLP in Raleigh and a member of the firm's Privacy & Data Security practice group. She dedicates her practice to assisting clients with matters including data security incident response, data breach notification, preparation of privacy policies and notices, negotiation of data protection agreements, and compliance with all aspects of privacy and data security laws and regulations, such as the Health Insurance Portability and Accountability Act (HIPAA), Telephone Consumer Protection Act (TCPA), and Truth in Caller ID Act, as well as other state and federal laws regulating the collection, storage, use, sharing, and protection of personal information.
Lauren also has experience with biometric privacy laws, including the Illinois Biometric Information Privacy Act (BIPA) and the Texas Capture or Use of Biometric Identifier Act (CUBI), as well as comprehensive privacy laws such as the EU's General Data Protection Regulation (GDPR), California Consumer Privacy Act of 2018 (CCPA), California Privacy Rights Act (CPRA), Colorado Privacy Act (CPA), Virginia Consumer Data Protection Act (VCDPA), Connecticut Data Privacy Act (CTDPA), and Utah Consumer Privacy Act (UCPA).
Prior to joining Wyrick Robbins, Lauren spent several years practicing civil litigation at a firm in Oklahoma City.
Lauren earned both her B.A. and J.D. in Political Science and History, with distinction, from the University of North Carolina at Chapel Hill. During law school, she served as a Senior Staff Editor with the North Carolina Journal of International Law and earned American Jurisprudence Awards in both Cybersecurity Law and International Law Foundations.
Click here for more information about Lauren.
Amy R. Worley
Amy R. Worley is Managing Director & Associate General Counsel at Berkeley Research Group LLC (BRG) in Raleigh. She has honed her skills in helping businesses develop comprehensive privacy, data governance, and information management programs. She served as global chief privacy officer for a leading global pharmaceutical and medical device company with a market value of $1 billion.
Amy currently serves as a fractional data protection officer for organizations worldwide, providing gap and risk assessments, developing remediation plans, liaising with global regulatory bodies, assisting clients in responding to security incidents, and advising boards of directors on data compliance related risk.
Amy's certifications include the International Association of Privacy Professionals Certified Privacy Professional for the United States and Europe, Certified Privacy Program Manager, and she is a Fellow of Information Privacy, as well as being a certified Health Insurance Portability and Accountability Act (HIPAA) Privacy and Security Expert.
Amy leads BRG's Privacy and Information Governance practice group. She has deep industry experience building effective and sustainable multinational data compliance programs across industries. Her clients benefit from her experience working with regulators in the US, the European Union, and other parts of the world. She has partnered with global, national, and regional financial institutions, life sciences companies, laboratories, healthcare providers, electronic medical records providers, e-commerce marketplaces, data analytics and statistical companies, and digital real estate investment enterprises to build agile and effective digital compliance programs.
Amy practiced law for 16 years before moving into industry and then into consulting. She advised on regulatory compliance with laws including HIPAA; Health Information Technology for Economic and Clinical Health Act (HITECH); Fair Credit Report Act (FCRA); Fair and Accurate Credit Transactions Act (FACTA); Gramm–Leach–Bliley Act (GLBA); US Securities and Exchange Commission "Red Flags Rule"; Bank Secrecy Act (BSA); Dodd–Frank Wall Street Reform and Consumer Protection Act ("Dodd–Frank); Children's Online Privacy and Protection Act (COPPA); Family Educational Rights Privacy Act (FERPA); European Union Data Protection Directive 95/46; European General Data Protection Regulation (GDPR); Brazilian General Data Protection Law (LGPD); Canadian Personal Information Protection and Electronic Documents Act, as amended (PIPEDA); and other US, Latin America, and Asian data privacy laws.
Amy has provided expert testimony in US federal courts related to data breach notification obligations and has provided expert deposition testimony in other litigation. She has served on several nonprofit boards and won the North Carolina Governor's Award for Volunteer Service.
Amy earned her B.A. in English from Mercer University and her J.D. from Mercer University School of Law.
Click here for more information about Amy.
If you did not attend this program in its entirety, please fill out a
to ensure that we report your credit accurately.
partial credit form
Please send your completed form to
within seven days of this program.
As an attendee at this CLE program, your feedback is important.
to fill out the program evaluation.
to view Forms and CLE Policies, Terms and Conditions. Click here
If paying by check,
for a printable registration form. Please reference the in-person live program code click here 244PDS.
Can't attend in person? Please contact us at
email@example.com or 919.677.0561 to switch your registration to the Live Webcast before the start of the program. (After the live CLE program begins, you will have real-time access to only the program format for which you are registered — either In-Person Live or Live Webcast — and your registration cannot be switched.)
Certificate of Completion and Archived Video: Your certificate of completion and archived video will be available approximately two weeks of the program date and can be found in your CLE account. MCLE credit is available to registrants only on the day(s) of the live event. This archived content is offered solely for review purposes and is not a substitute for live attendance. Click here for more information about archive videos in our FAQ.