Beth Burgin Waller is a cybersecurity and data privacy attorney who uses her considerable experience in technology to counsel clients on cybersecurity risk management, incident response, and privacy laws.

As chair of the Cybersecurity & Data Privacy Practice at Woods Rogers, Beth’s practice is fully devoted to cybersecurity and data privacy. Clients ranging from local government and state agencies to mid-market firms and Fortune 200 companies depend on Beth for advice and counsel. Her clients span industries such as banking, healthcare, manufacturing, high-tech, and energy.

Beth’s credentials in the field are extensive. She is a certified Privacy Law Specialist by the International Association of Privacy Professionals (IAPP), which is accredited by the American Bar Association. In addition, she is a Certified Information Privacy Professional with expertise in both U.S. and European law (CIPP/US & CIPP/E) and a Certified Information Privacy Manager (CIPM), also from the IAPP.

In addition to client work, Beth contributes thought leadership across the cybersecurity and data privacy communities. In 2022, Beth was appointed to Virginia’s incident reporting work group, assisting the development of incident reporting guidelines for local and state governments under Virginia legislation. Beth writes extensively for OneTrust Data Guidance on the nuances of Virginia’s new data privacy law as a OneTrust Data Privacy Expert. Beth is also a frequent contributor to the national cybersecurity journal Dark Reading, where she writes about the intersection of law, privacy, cybersecurity, and technology.

Beth has been recognized repeatedly in lawyer-ranking publications including Best Lawyers in America, Virginia Super Lawyers, and Virginia Business. In 2017, she was named a Virginia Lawyers Weekly “Up & Coming Lawyer.” In 2022, she was named to the Virginia Lawyers Weekly “Influential Women in Law,” one of only a handful of women attorneys selected from across the Commonwealth for this distinction. In 2021, she was featured as a data privacy expert by OneTrust Data Guidance in their international magazine spotlighting global privacy professionals.

Beth’s reputation as a leader in technology and the law is further shown by her appointment and election to leadership positions in both major bars of the Commonwealth: the Virginia State Bar and the Virginia Bar Association. In 2021, she was named to the Virginia Bar Association’s Intellectual Property and Information Technology Section Council where she currently serves on the executive leadership team. She also taught for eight years as an adjunct law professor at Washington and Lee University Law School, leading technology-analytics-focused classes for law students.

Beth graduated magna cum laude from Hollins University, with academic honors in creative writing, where she was also student body president. Beth attended the Sorensen Institute for Political Leadership at the University of Virginia before earning her law degree from the College of William & Mary.

The following are examples of Beth’s experience across the fields of privacy and cybersecurity:

Cybersecurity Incident Response Experience

  • Beth specializes in critical infrastructure incident response and has deep experience in governmental cyber incident response. When, for example, a county’s 911 dispatch system or a state agency is hit with a catastrophic cyber incident such as ransomware, it is often Beth who is entrusted with guiding it back from the brink.
  • Beth has managed high-stakes cyber incidents in the financial, healthcare, energy, and governmental sectors and knows firsthand the nuanced interplay of industry-specific regulations such as GLBA, HIPAA, and NERC CIP on cybersecurity incident response. Beth is a hands-on leader, diving into the details of network maps and IT asset inventories alongside clients and elite forensic teams to quickly rebuild a downed enterprise quickly and efficiently.

Privacy Compliance Experience

  • Beth has helped companies build privacy programs from the ground up and led major regulatory compliance rollouts. She has drafted data impact assessments, privacy impact assessments, privacy policies, and has built programs applying “privacy by design.” She works with her clients daily to spot privacy risks associated with their businesses both local and global.

Cybersecurity & Privacy Contract and M&A Experience

  • With the rise of third-party vendor risk, Beth has developed third-party vendor / supplier vetting programs. On high-stakes contracts, Beth is often brought in by global legal departments to negotiate cyber and privacy-related risks. She has negotiated countless information security addendums, data privacy supplements, and both vendor and customer-facing security and privacy contracts. She also has assisted clients on privacy-related M&A issue spotting, deal terms, and due diligence.

Cybersecurity Resilience and Cyber Insurance Experience

  • Beth is a strong proponent of cyber resilience efforts and often negotiates cyber insurance on behalf of her private clients. She counsels clients on the protective measures they can take before a cybersecurity crisis strikes, often providing advice to the C-Suite, Audit Committees, and Board of Directors. In this way, she is truly a “CISO’s lawyer.”

Thought Leadership

Published Articles


Teaching Engagements

Electronic Discovery – W&L Law – Fall 2018

Attorney Perspectives

Speaking Engagements

  • Council of School Attorneys (COSA) | The Role of School Board Counsel in Cybersecurity Incidents
    November 16, 2022
  • Virginia Cyber Security Partnership, Virginia Alliance for Secure Computing And Networking, VCU Cybersecurity Center | 2022 Cybersecurity Career Panel
    October 28, 2022
  • Stafford Webinars | Ransomware, Cyber Insurance, and the GC’s Role: Current Executive Order, Risks Related to Payment, FBI Guidance
    September 27, 2022
  • Virginia Society of CPAs 52nd Annual Virginia Accounting & Auditing Conference | Plan Sponsor’s Perch With a Participant Perspective for Retirement Plan Best Practices
    September 26, 2022
  • Sailpoint | Cybersecurity Insurance Webinar
    September 21, 2022
  • VCU School of Business Risk Management and Insurance Program | Cybersecurity in 2022: Examining an Evolving Threat Landscape from Incident Response to Building Resilience
    September 9, 2022
  • Legal Talk Network: Digital Detectives | Advice for Law Firms from a Data Breach/Privacy Lawyer
    July 28, 2022
  • Commonwealth of Virginia 2022 Information Security Conference | Cyber Resilience: Turning Your Enterprise Into a Phoenix Rising From the Virtual Ashes
    August 18, 2022
  • 15th Annual MS-ISAC Meeting | Lessons from the Life Cycle of a Cyber Incident – Expert Perspectives on What to Do Before, During, and After Experiencing a Cyber Incident
    August 10, 2022
  • Mandiant Worldwide Information Security Exchange (mWISE™) | Navigating the New Normal In Cyber Insurance: From Application to Ensuring Robust Coverage
    October 18, 2022
  • Innovate 2022 Conference | Security: What Different Industries Are Doing to Protect You
    October 21, 2022
  • American Intellectual Property Law Association Spring Meeting | Responsibility of Attorneys to Develop and Maintain Tech Knowledge
    May 18, 2022
  • Strafford | Drafting Data and Cybersecurity Provisions in Third-Party Vendor Agreements: Limits to Liability, Indemnification
    February 24, 2022
  • Virginia School Boards Association Hot Topic Conference | Cyber Security Incident Response 101
    April 20, 2022
  • HIMSS Virginia Chapter - Annual Fall Conference | Double Extortion: Responding to Ransomware Incidents from a Lawyer’s Perspective
    September 15, 2021
  • Virginia Bar Association Summer Meeting | Into the Breach: Practical Guidance on Cybersecurity Incidents
    July 23, 2021
  • VCU School of Business Risk Management and Insurance Program | Into the Breach: Navigating the Risk of Sensitive Data
    September 21, 2021
  • Central Virginia Small Business Development Center | Panel: Future Proofing Your Business with Blockchain
    July 7, 2021
  • Commonwealth Information Security Council Information Security Conference | 2021 Cybersecurity Reboot – Tools for building a cyber resilience
    June 24, 2021
  • OneTrust | Virginia CDPA Lands: What You Need To Know
    March 4, 2021
  • Sycom Technologies & Woods Rogers | Ransomware Readiness and Response
    February 9, 2021
  • Virginia Bar Association | Blockchain: The Intersection of Emerging Technology and an Evolving Legal Landscape
    January 22, 2021
  • Women in E-Discovery Richmond Chapter | Cybersecurity & E-Discovery
    January 27, 2021
  • HIMSS Virginia Chapter | What Healthcare Executives and Board Members Must Know About Enterprise Cyber Risk Management
    January 26, 2021
  • Innovate Lynchburg | Real World Cyber… what’s REALLY going on?
    November 17, 2020
  • Virginia Chapter of the American Society for Healthcare Risk Management | Cybersecurity & Privacy 2020: A Quick Look at Current Concerns
    December 17, 2020
  • AICPA Employee Benefit Plans Conference | Cybersecurity Incident Response: A Walk Through A Data Breach
    November 10, 2020
  • Virginia Bar Association Intellectual Property and Information Technology Section | Attack of the IoT Zombies: Confidentiality, Cybersecurity, and a Lawyer’s Duty
    October 29, 2020
  • RVATech Talks | Richmond Technology Podcast
    August 9, 2020
  • RVA Tech Data Summit | Cybersecurity & Data Privacy
    March 11, 2020
  • 2019 FireEye Cyber Defense Summit | Navigating the Labyrinth: A Guide to Board of Director Cybersecurity Legal Risk
    October 9, 2019
  • HalfMoon Education Inc. | Cybersecurity Issues for Engineers
    September 25, 2019
  • Kentucky Credit Union League | Cybersecurity Risk from a Legal Perspective: Top 10 Tips
    July 17, 2019
  • Dark Reading Virtual Summit | Panel: The First 24 Hours: Advice to First Responders in a Critical Data Breach
    June 26, 2019
  • 2019 IG3 Mid-Atlantic Conference | Panel: Cybersecurity, Privacy & Data Protection
    June 23, 2019
  • Virginia Information Technology Agency (VITA) | Cybersecurity & Data Privacy
    June 5, 2019
  • Council of Independent Colleges in Virginia | Higher Education Legal Update
    May 22, 2019
  • Annual VA Health Information and Management Systems Society | H.I.T. Advocacy Day
    March 14, 2019
  • Virginia Credit Union League | Cybersecurity | Regulations & Compliance
    November 6, 2018
  • Charlottesville Chamber of Commerce | Mission Possible: Cybersecurity Education & Defense for the Rest of Us
    October 25, 2018
  • ACEC HR Forum | The Role of Human Resources in Securing the Workplace
    October 16, 2018
  • General Counsel Roundtable | Cybersecurity
    September 26, 2018
  • VT Roanoke Center Facts & Snacks | Cybersecurity and Privacy
    August 30, 2018
  • CICV Conference for Chief HR Directors & Chief Financial Officers | Top Challenges in Cybersecurity Facing Higher Education in the 21st Century
    June 14, 2018
  • CICV Technology Conference for Chief Information Officers | Cybersecurity
    May 18, 2018
  • Virginia Community College System Information Security Officer Conference | General Data Protection Regulation
    May 17, 2018
  • Virginia Association of Defense Attorneys—Spring Sections Seminar | Advances in Electronic Medical Records: Key Tactical Issues
    May 10, 2018
  • Virginia Tech Corporate Research Center | European Union General Data Protection Regulation
    April 24, 2018
  • Commonwealth of Virginia Information Security | Privacy and Security from a Legal Perspective
    April 13, 2018
  • Virginia State Bar CLE: Annual Real Estate Seminar | Cybersecurity, Ethics and Real Estate Law
    March 2, 2018
  • 12th Annual VA Health Information and Management Systems Society H.I.T. Advocacy Day | Cybersecurity Planning: Insurance & Working with Outside Legal Counsel
    January 25, 2018
  • Virginia Bio | Cybersecurity Incident Response (Webinar)
    January 16, 2018

Seminars + Events

  • 2019 Labor and Employment Seminar Series
    October 2 - November 5, 2019
  • 37th Annual Labor & Employment Seminar Series
    September 20 - October 17, 2018
  • Key Legal Issues in Higher Education
    March 1, 2018

Recognition