As chair of the Cybersecurity & Data Privacy practice at Woods Rogers Vandeventer Black (WRVB), Beth’s practice is fully devoted to cybersecurity and data privacy. Clients ranging from local government and state agencies to mid-market firms and Fortune 200 companies depend on Beth for advice and counsel. Her clients span industries such as banking, healthcare, manufacturing, high-tech, and energy. She has deep experience counseling clients pioneering new technologies, including in the intersection of artificial intelligence (AI) with privacy regulatory concerns.
Beth’s credentials in the field are extensive. She is a certified Privacy Law Specialist by the International Association of Privacy Professionals (IAPP), which is accredited by the American Bar Association. In addition, she is a Certified Information Privacy Professional with expertise in both U.S. and European law (CIPP/US & CIPP/E) and a Certified Information Privacy Manager (CIPM), also from the IAPP.
In addition to client work, Beth contributes thought leadership across the cybersecurity and data privacy communities. In 2022, Beth was appointed by the Governor of Virginia to the Commonwealth’s first Cybersecurity Planning Committee for local and state governmental entities. Beth writes extensively for OneTrust Data Guidance on the nuances of Virginia’s new data privacy law as a OneTrust Data Privacy Expert. Beth is also a frequent contributor to the national cybersecurity journal Dark Reading, where she writes about the intersection of law, privacy, cybersecurity, and technology.
Beth has been recognized repeatedly in lawyer-ranking publications including Best Lawyers in America, Virginia Super Lawyers, and Virginia Business. Virginia Lawyers Weekly has named her an “Up & Coming Lawyer” and an “Influential Women in Law.” She has been featured as a data privacy expert by OneTrust Data Guidance in their international magazine spotlighting global privacy professionals.
Representative Experience
Cybersecurity Incident Response Experience
- Beth specializes in critical infrastructure incident response. This experience has made her adept at guiding rapid recoveries after ransomware incidents, having led dozens of ransomware recoveries across a broad range of industries and in the critical governmental sector.
- Beth has managed high-stakes cyber incidents as lead breach counsel in the financial, healthcare, energy, and governmental sectors and knows firsthand the nuanced interplay of industry-specific regulations such as GLBA, HIPAA, and NERC CIP on cybersecurity incident response. Beth is a hands-on leader, diving into the details of network maps and IT asset inventories alongside clients and elite forensic teams to rebuild a downed enterprise quickly and efficiently. She has engaged some of the best forensic and crisis communication teams in the country on behalf of her clients, using deep experience to quickly navigate the uncertainty after a cyber incident.
- She has counseled public companies on “materiality” determinations under the Securities and Exchange Commission and has assisted in the rapid drafting of 8-K and 10-Q publications. Beth has experience serving as special counsel to audit committees and board executive committees during ransomware incidents. She has helped entities navigate ransom payment considerations, including OFAC concerns.
Privacy Compliance Experience
- Beth has helped companies build privacy programs from the ground up and led major regulatory compliance rollouts including those under GDPR, UK GDPR, PIPEDA, CIPL, LGPB, CCPA, and beyond. Beth specializes in business to business (“B2B”) privacy compliance programs, with deep experience in the special nuances associated with the B2B arena.
- She has drafted data impact assessments, privacy impact assessments, privacy policies, and has built programs applying “privacy by design.” She works with her clients daily to spot privacy risks associated with their businesses both local and global.
- She helps clients navigate data transfers to and from the U.S., including by navigating standard contractual clauses and transfer impact assessments.
- Beth works with those pioneering ad tech and behavioral advertising to assist in compliance related to business development.
Cybersecurity & Privacy Contract and M&A Experience
- With the rise of third-party vendor risk, Beth has developed third-party vendor / supplier vetting programs including by building out vetting programs for large-scale procurement departments.
- On high-stakes contracts, Beth is often brought in by global legal departments to negotiate cyber and privacy-related risks. In this capacity, she has negotiated countless information security addendums, data privacy supplements, and both vendor and customer-facing security and privacy contracts on both the customer and supplier side. Beth’s team is accustomed to serving as “overflow support” for the tech lawyers on the in-house legal team, working to seamlessly provide support to the business and legal teams for her clients. She also has assisted clients on privacy-related M&A issue spotting, deal terms, and due diligence.
Cybersecurity Resilience and Cyber Insurance Experience
- Beth is a strong proponent of cyber resilience efforts and often advises on cyber insurance on behalf of her private clients. She counsels clients on the protective measures they can take before a cybersecurity crisis strikes, often providing advice to the C-Suite, Audit Committees, and Board of Directors. In this way, she is truly a “CISO’s lawyer.”
Thought Leadership
Published Articles
- With Elaine McCafferty, Comment: The Necessary Evolution of State Data Breach Notification Laws: Keeping Pace with New Cyber Threats, Quantum Decryption, and the Rapid Expansion of Technology, Washington and Lee Law Review, Winter 2022
- Cyber Insurance and War Exclusions, Dark Reading, March 23, 2022
- Mission Critical: What Really Matters in a Cybersecurity Incident, Dark Reading, June 17, 2021
- Virginia Takes Different Tack Than California With Data Privacy Law, Dark Reading, February 18, 2021
- To Pay or Not to Pay: Responding to Ransomware From a Lawyer’s Perspective, Dark Reading, November 17, 2020
- Ransomware from Your Lawyer’s Perspective, Dark Reading, June 16, 2020
- SOC 2s & Third-Party Assessments: How to Prevent Them from Being Used in a Data Breach Lawsuit, Dark Reading, December 5, 2019
- How Network Logging Mitigates Legal Risk, Dark Reading, September 23, 2019
- The California Consumer Privacy Act’s Hidden Surprise Has Big Legal Consequences, Dark Reading, August 13, 2019
- Attack of the Zombie Fitbit, Lynchburg Business Magazine, June/July 2019
- A Lawyer’s Guide to Cyber Insurance: 4 Basic Tips, Dark Reading, July 12, 2019
- Incident Response: 3 Easy Traps & How to Avoid Them, Dark Reading, May 23, 2019
- How to Help Your Board Navigate Cybersecurity’s Legal Risks, Dark Reading, April 30, 2019
- Data in Danger, Lynchburg Business Magazine, August/September 2018
- Fire Where There is No Flame: The Constitutionality of Single-Sex Education in the Commonwealth, William & Mary Journal of Women and the Law
Attorney Perspectives
-
Biometric Privacy Trial Is a Milestone in Privacy Law
October 25, 2022 -
A New Day for Data Privacy: California Privacy Act Exemptions Will Expire
September 1, 2022 -
Internal Inferences Must Be Disclosed to Consumers Under CCPA
April 15, 2022 -
Proposed SEC Cybersecurity Rules Require Public Companies to Act Now
March 24, 2022 -
New Notification Requirements for Critical Infrastructure
March 18, 2022 -
Banks Will Have 36 Hours to Report Cyberattacks Under New Rule
January 12, 2022 -
Questions About Tort and Contract Claims in the Cybersecurity Context Left Unsettled
November 30, 2021 -
The Colorado Privacy Act: Understanding Your Newest Compliance Challenge
June 23, 2021 -
Before the Breach: Time to Get Serious About Cyber Resilience
June 15, 2021 -
Governor Signs Virginia Consumer Data Protection Act
March 3, 2021
Featured Posts
-
Beth Waller Comments on Technology Limitations for Virginia’s New Age Verification Laws
July 10, 2023 -
Beth Waller Echoes SolarWinds CISO on Need for Clarity on Cybersecurity Incident Disclosure, DarkReading.com
May 26, 2023 -
Beth Waller Shares Insight On Tech Innovation in Virginia Business Magazine
May 1, 2023 -
Beth Waller Offers ‘Buyer Beware’ on Incident Response Coverage, Mandiant Cyber Snapshot, Issue 3
March 16, 2023 -
Beth Waller Highlights Uniqueness of Virginia Consumer Data Protection Act (VCDP)
March 14, 2023
Speaking Engagements
-
VCU School of Business: Risk Management and Insurance Program | Living on the Edge: The Intersection of Artificial Intelligence and Cybersecurity
September 21, 2023 -
VBA Annual Corporate Counsel Fall Forum | Virginia Data Protection Law Update
September 15, 2023 -
(ISC)2RVA August 2023 Chapter Meeting | Buckling in for the Wild Ride: Cyber Insurance, Incident Response, and Preparing for an Actual Breach from a Legal Perspective
August 31, 2023 -
Commonwealth of Virginia Security Conference | Rogue Cybersecurity: Examining AI and Risk from a Legal Perspective
August 17, 2023 -
Federal Bar Association and MyLawCLE | Strengthen Data Privacy Compliance: The Who, What, Why, Where and How of Data Processing Agreements.
July 27, 2023 -
North American Association of State and Provincial Lotteries in Professional Development | Keynote Speaker on Cybersecurity & Data Privacy
July 18, 2023 -
Multi-State Information Sharing and Analysis Center | Understanding the Cyber Incident Response Battlespace
July 11, 2023 -
The Global GRC, Data Privacy & Cyber Security ConfEx | Navigating Privacy, GRC, and Security in Today’s Business Environment
June 28, 2023 -
FBI Executive Cyber Summit | Legal Panel
June 21, 2023 -
Virginia Commonwealth University SCMA Symposium | Keynote Speaker on Cybersecurity
April 14, 2023 -
rvatech CyberConVA | Decomposing a Breach Response, Panel Moderator
February 28, 2023 -
Virginia Corporate Security Symposium (CSS) | Ransomeware: A Case Study
February 23, 2023 -
Council of School Attorneys (COSA) | The Role of School Board Counsel in Cybersecurity Incidents
November 16, 2022 -
Sailpoint | Cyber Insurance, Incident Response Vetting, and Finding True Solutions to 2022 Threats
November 2, 2022 -
Virginia Cyber Security Partnership, Virginia Alliance for Secure Computing And Networking, VCU Cybersecurity Center | 2022 Cybersecurity Career Panel
October 28, 2022 -
Innovate 2022 Conference | Security: What Different Industries Are Doing to Protect You
October 21, 2022 -
Mandiant Worldwide Information Security Exchange (mWISE™) | Navigating the New Normal In Cyber Insurance: From Application to Ensuring Robust Coverage
October 18, 2022 -
Mid-Atlantic Financial Services Cybersecurity Consortium | Ransomware and the Financial Sector
October 18, 2022 -
Stafford Webinars | Ransomware, Cyber Insurance, and the GC’s Role: Current Executive Order, Risks Related to Payment, FBI Guidance
September 27, 2022 -
Virginia Society of CPAs 52nd Annual Virginia Accounting & Auditing Conference | Plan Sponsor’s Perch With a Participant Perspective for Retirement Plan Best Practices
September 26, 2022 -
Sailpoint | Cybersecurity Insurance Webinar
September 21, 2022 -
VCU School of Business Risk Management and Insurance Program | Cybersecurity in 2022: Examining an Evolving Threat Landscape from Incident Response to Building Resilience
September 9, 2022 -
Commonwealth of Virginia 2022 Information Security Conference | Cyber Resilience: Turning Your Enterprise Into a Phoenix Rising From the Virtual Ashes
August 18, 2022 -
15th Annual MS-ISAC Meeting | Lessons from the Life Cycle of a Cyber Incident – Expert Perspectives on What to Do Before, During, and After Experiencing a Cyber Incident
August 10, 2022 -
Legal Talk Network: Digital Detectives | Advice for Law Firms from a Data Breach/Privacy Lawyer
July 28, 2022 -
American Intellectual Property Law Association Spring Meeting | Responsibility of Attorneys to Develop and Maintain Tech Knowledge
May 18, 2022 -
Virginia School Boards Association Hot Topic Conference | Cyber Security Incident Response 101
April 20, 2022 -
Strafford | Drafting Data and Cybersecurity Provisions in Third-Party Vendor Agreements: Limits to Liability, Indemnification
February 24, 2022 -
VCU School of Business Risk Management and Insurance Program | Into the Breach: Navigating the Risk of Sensitive Data
September 21, 2021 -
HIMSS Virginia Chapter - Annual Fall Conference | Double Extortion: Responding to Ransomware Incidents from a Lawyer’s Perspective
September 15, 2021 -
Virginia Bar Association Summer Meeting | Into the Breach: Practical Guidance on Cybersecurity Incidents
July 23, 2021 -
Central Virginia Small Business Development Center | Panel: Future Proofing Your Business with Blockchain
July 7, 2021 -
Commonwealth Information Security Council Information Security Conference | 2021 Cybersecurity Reboot – Tools for building a cyber resilience
June 24, 2021 -
OneTrust | Virginia CDPA Lands: What You Need To Know
March 4, 2021 -
Sycom Technologies & Woods Rogers | Ransomware Readiness and Response
February 9, 2021 -
Women in E-Discovery Richmond Chapter | Cybersecurity & E-Discovery
January 27, 2021 -
HIMSS Virginia Chapter | What Healthcare Executives and Board Members Must Know About Enterprise Cyber Risk Management
January 26, 2021 -
Virginia Bar Association | Blockchain: The Intersection of Emerging Technology and an Evolving Legal Landscape
January 22, 2021 -
Virginia Chapter of the American Society for Healthcare Risk Management | Cybersecurity & Privacy 2020: A Quick Look at Current Concerns
December 17, 2020 -
Innovate Lynchburg | Real World Cyber… what’s REALLY going on?
November 17, 2020 -
AICPA Employee Benefit Plans Conference | Cybersecurity Incident Response: A Walk Through A Data Breach
November 10, 2020 -
Virginia Bar Association Intellectual Property and Information Technology Section | Attack of the IoT Zombies: Confidentiality, Cybersecurity, and a Lawyer’s Duty
October 29, 2020 -
RVATech Talks | Richmond Technology Podcast
August 9, 2020 -
RVA Tech Data Summit | Cybersecurity & Data Privacy
March 11, 2020 -
2019 FireEye Cyber Defense Summit | Navigating the Labyrinth: A Guide to Board of Director Cybersecurity Legal Risk
October 9, 2019 -
HalfMoon Education Inc. | Cybersecurity Issues for Engineers
September 25, 2019 -
Kentucky Credit Union League | Cybersecurity Risk from a Legal Perspective: Top 10 Tips
July 17, 2019 -
Dark Reading Virtual Summit | Panel: The First 24 Hours: Advice to First Responders in a Critical Data Breach
June 26, 2019 -
2019 IG3 Mid-Atlantic Conference | Panel: Cybersecurity, Privacy & Data Protection
June 23, 2019 -
Virginia Information Technology Agency (VITA) | Cybersecurity & Data Privacy
June 5, 2019 -
Council of Independent Colleges in Virginia | Higher Education Legal Update
May 22, 2019 -
Annual VA Health Information and Management Systems Society | H.I.T. Advocacy Day
March 14, 2019 -
Virginia Credit Union League | Cybersecurity | Regulations & Compliance
November 6, 2018 -
Charlottesville Chamber of Commerce | Mission Possible: Cybersecurity Education & Defense for the Rest of Us
October 25, 2018 -
ACEC HR Forum | The Role of Human Resources in Securing the Workplace
October 16, 2018 -
General Counsel Roundtable | Cybersecurity
September 26, 2018 -
VT Roanoke Center Facts & Snacks | Cybersecurity and Privacy
August 30, 2018 -
CICV Conference for Chief HR Directors & Chief Financial Officers | Top Challenges in Cybersecurity Facing Higher Education in the 21st Century
June 14, 2018 -
CICV Technology Conference for Chief Information Officers | Cybersecurity
May 18, 2018 -
Virginia Community College System Information Security Officer Conference | General Data Protection Regulation
May 17, 2018 -
Virginia Association of Defense Attorneys—Spring Sections Seminar | Advances in Electronic Medical Records: Key Tactical Issues
May 10, 2018 -
Virginia Tech Corporate Research Center | European Union General Data Protection Regulation
April 24, 2018 -
Commonwealth of Virginia Information Security | Privacy and Security from a Legal Perspective
April 13, 2018 -
Virginia State Bar CLE: Annual Real Estate Seminar | Cybersecurity, Ethics and Real Estate Law
March 2, 2018 -
12th Annual VA Health Information and Management Systems Society H.I.T. Advocacy Day | Cybersecurity Planning: Insurance & Working with Outside Legal Counsel
January 25, 2018 -
Virginia Bio | Cybersecurity Incident Response (Webinar)
January 16, 2018
Seminars + Events
-
2019 Labor and Employment Seminar Series
October 2 - November 5, 2019 -
37th Annual Labor & Employment Seminar Series
September 20 - October 17, 2018 -
Key Legal Issues in Higher Education
March 1, 2018
Recognition
-
Best Lawyers in America Recognizes 70 WRVB Attorneys
August 17, 2023 -
70 WRVB Attorneys Named to 2022 “Legal Elite”
November 29, 2022 -
Beth Waller Appointed to Virginia Cybersecurity Planning Committee
November 8, 2022 -
Cybersecurity Attorney Beth Burgin Waller Now a Certified Privacy Law Specialist (PLS)
May 6, 2022 -
Beth Burgin Waller named to 2022 List of “Influential Women of Law”
April 5, 2022 -
26 Woods Rogers Attorneys Named “Legal Elite” or “Rising Stars”
December 1, 2021 -
WR Cybersecurity & Data Privacy Team Wins Innovation Award
October 15, 2021 -
Forty-four Woods Rogers Attorneys Recognized by Best Lawyers for 2022
August 19, 2021 -
31 Woods Rogers Attorneys Listed as “Legal Elite” and “Rising Stars”
November 30, 2020 -
Forty-one Woods Rogers Attorneys Recognized by The Best Lawyers in America for 2021
August 20, 2020 -
“Legal Elite” Ranking Lists 30 Woods Rogers Attorneys
December 10, 2019 -
Thirty-nine Woods Rogers Attorneys Recognized by The Best Lawyers in America for 2020
August 16, 2019 -
Attorney Beth Waller Achieves CIPP-US & CIPP-E Designations
June 20, 2019 -
Virginia Business Names 26 Woods Rogers Attorneys as 2018 “Legal Elite”
December 5, 2018 -
Twenty-four Woods Rogers Attorneys Named by Virginia Business as 2017 “Legal Elite”
December 1, 2017 -
Virginia Lawyers Weekly Honors Two Woods Rogers Attorneys
September 6, 2017 -
Twenty-one Woods Rogers attorneys awarded honors by Virginia Super Lawyers Magazine
May 1, 2017
