Beth is a cybersecurity and data privacy attorney who uses her considerable experience in technology to counsel clients on cybersecurity risk management, incident response, and privacy laws.
As chair of the Cybersecurity & Data Privacy practice at Woods Rogers Vandeventer Black (WRVB), Beth’s practice is fully devoted to cybersecurity and data privacy. Clients ranging from local government and state agencies to mid-market firms and Fortune 200 companies depend on Beth for advice and counsel. Her clients span industries such as banking, healthcare, manufacturing, high-tech, and energy.
Beth’s credentials in the field are extensive. She is a certified Privacy Law Specialist by the International Association of Privacy Professionals (IAPP), which is accredited by the American Bar Association. In addition, she is a Certified Information Privacy Professional with expertise in both U.S. and European law (CIPP/US & CIPP/E) and a Certified Information Privacy Manager (CIPM), also from the IAPP.
In addition to client work, Beth contributes thought leadership across the cybersecurity and data privacy communities. In 2022, Beth was appointed to Virginia’s incident reporting work group, assisting the development of incident reporting guidelines for local and state governments under Virginia legislation. Beth writes extensively for OneTrust Data Guidance on the nuances of Virginia’s new data privacy law as a OneTrust Data Privacy Expert. Beth is also a frequent contributor to the national cybersecurity journal Dark Reading, where she writes about the intersection of law, privacy, cybersecurity, and technology.
Beth has been recognized repeatedly in lawyer-ranking publications including Best Lawyers in America, Virginia Super Lawyers, and Virginia Business. In 2017, she was named a Virginia Lawyers Weekly “Up & Coming Lawyer.” In 2022, she was named to the Virginia Lawyers Weekly “Influential Women in Law,” one of only a handful of women attorneys selected from across the Commonwealth for this distinction. In 2021, she was featured as a data privacy expert by OneTrust Data Guidance in their international magazine spotlighting global privacy professionals.
Beth’s reputation as a leader in technology and the law is further shown by her appointment and election to leadership positions in both major bars of the Commonwealth: the Virginia State Bar and the Virginia Bar Association. In 2021, she was named to the Virginia Bar Association’s Intellectual Property and Information Technology Section Council where she currently serves on the executive leadership team. She also taught for eight years as an adjunct law professor at Washington and Lee University Law School, leading technology-analytics-focused classes for law students.
Beth graduated magna cum laude from Hollins University, with academic honors in creative writing, where she was also student body president. Beth attended the Sorensen Institute for Political Leadership at the University of Virginia before earning her law degree from the College of William & Mary.
Representative Experience
Cybersecurity Incident Response Experience
- Beth specializes in critical infrastructure incident response and has deep experience in governmental cyber incident response. When, for example, a county’s 911 dispatch system or a state agency is hit with a catastrophic cyber incident such as ransomware, it is often Beth who is entrusted with guiding it back from the brink.
- Beth has managed high-stakes cyber incidents in the financial, healthcare, energy, and governmental sectors and knows firsthand the nuanced interplay of industry-specific regulations such as GLBA, HIPAA, and NERC CIP on cybersecurity incident response. Beth is a hands-on leader, diving into the details of network maps and IT asset inventories alongside clients and elite forensic teams to quickly rebuild a downed enterprise quickly and efficiently.
Privacy Compliance Experience
- Beth has helped companies build privacy programs from the ground up and led major regulatory compliance rollouts. She has drafted data impact assessments, privacy impact assessments, privacy policies, and has built programs applying “privacy by design.” She works with her clients daily to spot privacy risks associated with their businesses both local and global.
Cybersecurity & Privacy Contract and M&A Experience
- With the rise of third-party vendor risk, Beth has developed third-party vendor / supplier vetting programs. On high-stakes contracts, Beth is often brought in by global legal departments to negotiate cyber and privacy-related risks. She has negotiated countless information security addendums, data privacy supplements, and both vendor and customer-facing security and privacy contracts. She also has assisted clients on privacy-related M&A issue spotting, deal terms, and due diligence.
Cybersecurity Resilience and Cyber Insurance Experience
- Beth is a strong proponent of cyber resilience efforts and often negotiates cyber insurance on behalf of her private clients. She counsels clients on the protective measures they can take before a cybersecurity crisis strikes, often providing advice to the C-Suite, Audit Committees, and Board of Directors. In this way, she is truly a “CISO’s lawyer.”
Thought Leadership
Published Articles
- With Elaine McCafferty, Comment: The Necessary Evolution of State Data Breach Notification Laws: Keeping Pace with New Cyber Threats, Quantum Decryption, and the Rapid Expansion of Technology, Washington and Lee Law Review, Winter 2022
- Cyber Insurance and War Exclusions, Dark Reading, March 23, 2022
- Mission Critical: What Really Matters in a Cybersecurity Incident, Dark Reading, June 17, 2021
- Virginia Takes Different Tack Than California With Data Privacy Law, Dark Reading, February 18, 2021
- To Pay or Not to Pay: Responding to Ransomware From a Lawyer’s Perspective, Dark Reading, November 17, 2020
- Ransomware from Your Lawyer’s Perspective, Dark Reading, June 16, 2020
- SOC 2s & Third-Party Assessments: How to Prevent Them from Being Used in a Data Breach Lawsuit, Dark Reading, December 5, 2019
- How Network Logging Mitigates Legal Risk, Dark Reading, September 23, 2019
- The California Consumer Privacy Act’s Hidden Surprise Has Big Legal Consequences, Dark Reading, August 13, 2019
- Attack of the Zombie Fitbit, Lynchburg Business Magazine, June/July 2019
- A Lawyer’s Guide to Cyber Insurance: 4 Basic Tips, Dark Reading, July 12, 2019
- Incident Response: 3 Easy Traps & How to Avoid Them, Dark Reading, May 23, 2019
- How to Help Your Board Navigate Cybersecurity’s Legal Risks, Dark Reading, April 30, 2019
- Data in Danger, Lynchburg Business Magazine, August/September 2018
- Fire Where There is No Flame: The Constitutionality of Single-Sex Education in the Commonwealth, William & Mary Journal of Women and the Law
Teaching Engagements
Electronic Discovery – W&L Law – Fall 2018
Attorney Perspectives
-
Biometric Privacy Trial Is a Milestone in Privacy Law
October 25, 2022 -
A New Day for Data Privacy: California Privacy Act Exemptions Will Expire
September 1, 2022 -
Internal Inferences Must Be Disclosed to Consumers Under CCPA
April 15, 2022 -
Proposed SEC Cybersecurity Rules Require Public Companies to Act Now
March 24, 2022 -
New Notification Requirements for Critical Infrastructure
March 18, 2022 -
Banks Will Have 36 Hours to Report Cyberattacks Under New Rule
January 12, 2022 -
Questions About Tort and Contract Claims in the Cybersecurity Context Left Unsettled
November 30, 2021 -
The Colorado Privacy Act: Understanding Your Newest Compliance Challenge
June 23, 2021 -
Before the Breach: Time to Get Serious About Cyber Resilience
June 15, 2021 -
Governor Signs Virginia Consumer Data Protection Act
March 3, 2021
Featured Posts
-
Beth Waller Offers ‘Buyer Beware’ on Incident Response Coverage, Mandiant Cyber Snapshot, Issue 3
March 16, 2023 -
Beth Waller Highlights Uniqueness of Virginia Consumer Data Protection Act (VCDP)
March 14, 2023
Speaking Engagements
-
Virginia Commonwealth University SCMA Symposium | Keynote Speaker on Cybersecurity
April 14, 2023 -
Virginia Corporate Security Symposium (CSS) | Ransomeware: A Case Study
February 23, 2023 -
Council of School Attorneys (COSA) | The Role of School Board Counsel in Cybersecurity Incidents
November 16, 2022 -
Roanoke Valley Paralegal Association | Cybersecurity – Incident Response 101
November 10, 2022 -
Sailpoint | Cyber Insurance, Incident Response Vetting, and Finding True Solutions to 2022 Threats
November 2, 2022 -
Virginia Cyber Security Partnership, Virginia Alliance for Secure Computing And Networking, VCU Cybersecurity Center | 2022 Cybersecurity Career Panel
October 28, 2022 -
Innovate 2022 Conference | Security: What Different Industries Are Doing to Protect You
October 21, 2022 -
Mandiant Worldwide Information Security Exchange (mWISE™) | Navigating the New Normal In Cyber Insurance: From Application to Ensuring Robust Coverage
October 18, 2022 -
Mid-Atlantic Financial Services Cybersecurity Consortium | Ransomware and the Financial Sector
October 18, 2022 -
Stafford Webinars | Ransomware, Cyber Insurance, and the GC’s Role: Current Executive Order, Risks Related to Payment, FBI Guidance
September 27, 2022 -
Virginia Society of CPAs 52nd Annual Virginia Accounting & Auditing Conference | Plan Sponsor’s Perch With a Participant Perspective for Retirement Plan Best Practices
September 26, 2022 -
Sailpoint | Cybersecurity Insurance Webinar
September 21, 2022 -
VCU School of Business Risk Management and Insurance Program | Cybersecurity in 2022: Examining an Evolving Threat Landscape from Incident Response to Building Resilience
September 9, 2022 -
Commonwealth of Virginia 2022 Information Security Conference | Cyber Resilience: Turning Your Enterprise Into a Phoenix Rising From the Virtual Ashes
August 18, 2022 -
15th Annual MS-ISAC Meeting | Lessons from the Life Cycle of a Cyber Incident – Expert Perspectives on What to Do Before, During, and After Experiencing a Cyber Incident
August 10, 2022 -
Legal Talk Network: Digital Detectives | Advice for Law Firms from a Data Breach/Privacy Lawyer
July 28, 2022 -
American Intellectual Property Law Association Spring Meeting | Responsibility of Attorneys to Develop and Maintain Tech Knowledge
May 18, 2022 -
Virginia School Boards Association Hot Topic Conference | Cyber Security Incident Response 101
April 20, 2022 -
Strafford | Drafting Data and Cybersecurity Provisions in Third-Party Vendor Agreements: Limits to Liability, Indemnification
February 24, 2022 -
VCU School of Business Risk Management and Insurance Program | Into the Breach: Navigating the Risk of Sensitive Data
September 21, 2021 -
HIMSS Virginia Chapter - Annual Fall Conference | Double Extortion: Responding to Ransomware Incidents from a Lawyer’s Perspective
September 15, 2021 -
Virginia Bar Association Summer Meeting | Into the Breach: Practical Guidance on Cybersecurity Incidents
July 23, 2021 -
Central Virginia Small Business Development Center | Panel: Future Proofing Your Business with Blockchain
July 7, 2021 -
Commonwealth Information Security Council Information Security Conference | 2021 Cybersecurity Reboot – Tools for building a cyber resilience
June 24, 2021 -
OneTrust | Virginia CDPA Lands: What You Need To Know
March 4, 2021 -
Sycom Technologies & Woods Rogers | Ransomware Readiness and Response
February 9, 2021 -
Women in E-Discovery Richmond Chapter | Cybersecurity & E-Discovery
January 27, 2021 -
HIMSS Virginia Chapter | What Healthcare Executives and Board Members Must Know About Enterprise Cyber Risk Management
January 26, 2021 -
Virginia Bar Association | Blockchain: The Intersection of Emerging Technology and an Evolving Legal Landscape
January 22, 2021 -
Virginia Chapter of the American Society for Healthcare Risk Management | Cybersecurity & Privacy 2020: A Quick Look at Current Concerns
December 17, 2020 -
Innovate Lynchburg | Real World Cyber… what’s REALLY going on?
November 17, 2020 -
AICPA Employee Benefit Plans Conference | Cybersecurity Incident Response: A Walk Through A Data Breach
November 10, 2020 -
Virginia Bar Association Intellectual Property and Information Technology Section | Attack of the IoT Zombies: Confidentiality, Cybersecurity, and a Lawyer’s Duty
October 29, 2020 -
RVATech Talks | Richmond Technology Podcast
August 9, 2020 -
RVA Tech Data Summit | Cybersecurity & Data Privacy
March 11, 2020 -
2019 FireEye Cyber Defense Summit | Navigating the Labyrinth: A Guide to Board of Director Cybersecurity Legal Risk
October 9, 2019 -
HalfMoon Education Inc. | Cybersecurity Issues for Engineers
September 25, 2019 -
Kentucky Credit Union League | Cybersecurity Risk from a Legal Perspective: Top 10 Tips
July 17, 2019 -
Dark Reading Virtual Summit | Panel: The First 24 Hours: Advice to First Responders in a Critical Data Breach
June 26, 2019 -
2019 IG3 Mid-Atlantic Conference | Panel: Cybersecurity, Privacy & Data Protection
June 23, 2019 -
Virginia Information Technology Agency (VITA) | Cybersecurity & Data Privacy
June 5, 2019 -
Council of Independent Colleges in Virginia | Higher Education Legal Update
May 22, 2019 -
Annual VA Health Information and Management Systems Society | H.I.T. Advocacy Day
March 14, 2019 -
Virginia Credit Union League | Cybersecurity | Regulations & Compliance
November 6, 2018 -
Charlottesville Chamber of Commerce | Mission Possible: Cybersecurity Education & Defense for the Rest of Us
October 25, 2018 -
ACEC HR Forum | The Role of Human Resources in Securing the Workplace
October 16, 2018 -
General Counsel Roundtable | Cybersecurity
September 26, 2018 -
VT Roanoke Center Facts & Snacks | Cybersecurity and Privacy
August 30, 2018 -
CICV Conference for Chief HR Directors & Chief Financial Officers | Top Challenges in Cybersecurity Facing Higher Education in the 21st Century
June 14, 2018 -
CICV Technology Conference for Chief Information Officers | Cybersecurity
May 18, 2018 -
Virginia Community College System Information Security Officer Conference | General Data Protection Regulation
May 17, 2018 -
Virginia Association of Defense Attorneys—Spring Sections Seminar | Advances in Electronic Medical Records: Key Tactical Issues
May 10, 2018 -
Virginia Tech Corporate Research Center | European Union General Data Protection Regulation
April 24, 2018 -
Commonwealth of Virginia Information Security | Privacy and Security from a Legal Perspective
April 13, 2018 -
Virginia State Bar CLE: Annual Real Estate Seminar | Cybersecurity, Ethics and Real Estate Law
March 2, 2018 -
12th Annual VA Health Information and Management Systems Society H.I.T. Advocacy Day | Cybersecurity Planning: Insurance & Working with Outside Legal Counsel
January 25, 2018 -
Virginia Bio | Cybersecurity Incident Response (Webinar)
January 16, 2018
Seminars + Events
-
2019 Labor and Employment Seminar Series
October 2 - November 5, 2019 -
37th Annual Labor & Employment Seminar Series
September 20 - October 17, 2018 -
Key Legal Issues in Higher Education
March 1, 2018
Recognition
-
Beth Waller Appointed to Virginia Cybersecurity Planning Committee
November 8, 2022 -
Cybersecurity Attorney Beth Burgin Waller Now a Certified Privacy Law Specialist (PLS)
May 6, 2022 -
Beth Burgin Waller named to 2022 List of “Influential Women of Law”
April 5, 2022 -
26 Woods Rogers Attorneys Named “Legal Elite” or “Rising Stars”
December 1, 2021 -
WR Cybersecurity & Data Privacy Team Wins Innovation Award
October 15, 2021 -
Forty-four Woods Rogers Attorneys Recognized by Best Lawyers for 2022
August 19, 2021 -
31 Woods Rogers Attorneys Listed as “Legal Elite” and “Rising Stars”
November 30, 2020 -
Forty-one Woods Rogers Attorneys Recognized by The Best Lawyers in America for 2021
August 20, 2020 -
“Legal Elite” Ranking Lists 30 Woods Rogers Attorneys
December 10, 2019 -
Thirty-nine Woods Rogers Attorneys Recognized by The Best Lawyers in America for 2020
August 16, 2019 -
Attorney Beth Waller Achieves CIPP-US & CIPP-E Designations
June 20, 2019 -
Virginia Business Names 26 Woods Rogers Attorneys as 2018 “Legal Elite”
December 5, 2018 -
Twenty-four Woods Rogers Attorneys Named by Virginia Business as 2017 “Legal Elite”
December 1, 2017 -
Virginia Lawyers Weekly Honors Two Woods Rogers Attorneys
September 6, 2017 -
Twenty-one Woods Rogers attorneys awarded honors by Virginia Super Lawyers Magazine
May 1, 2017