Beth Burgin Waller is a cybersecurity and data privacy attorney who uses her significant experience in technology to counsel clients on cybersecurity risk management, incident response, and privacy laws.

As chair of the Cybersecurity & Data Privacy Practice at Woods Rogers, Beth’s experience on the intersection of technology and the law is extensive. Beth is a Certified Information Privacy Professional with both U.S. and Europe designations (CIPP/US & CIPP/E) and a Certified Information Privacy Manager (CIPM) from the International Association of Privacy Professionals (IAPP).

Clients ranging from Fortune 200 companies to municipalities and universities, and spanning industries such as manufacturing, healthcare, banking, and energy depend on Beth for advice and counsel on risk management, data security, and regulatory compliance. Beth also advises clients in high-tech fields such as biotechnology and software development and has worked with clients pioneering new technologies such as blockchain and IoT devices.

Beth has been on the frontlines when an organization’s worst security fears are realized. She specializes in critical infrastructure cybersecurity incident response, with experience leading teams bringing complicated systems back online after cyber attacks. Beth has led cyber crisis management responses across different industries and has experience with the intersection of NERC CIP, GLBA, and HIPAA with cybersecurity incident response.

Beth is hands-on and leads a team of seasoned security professionals that dive into the nuances of network maps and IT asset inventories alongside clients and technical forensic incident response teams to quickly rebuild a downed enterprise. In this way, she is truly a “CISO’s lawyer.” These cyber incidents have given her insight into what an organization must do to become truly cyber resilient. She counsels her clients—including briefing their Boards of Directors—on the protective measures they can take before a cybersecurity crisis strikes.

With the rise of third-party vendor risk, Beth developed supplier vetting programs and often negotiates cyber and privacy risks associated with contracting. From data protection/information security addendums to high-stakes technology contracts, companies often hire Beth as outside general counsel to help their legal departments navigate cybersecurity and privacy risks.

In the field of privacy, Beth has helped companies build privacy programs from the ground up and led major regulatory compliance rollouts. Beth vets data impact assessments, privacy impact assessments, privacy policies, and the implementation of new technology on business operations and privacy compliance. From software applications to websites to even trade show attendance, Beth has experience navigating the complicated world of international and local privacy laws and regulations.

In 2021, Beth was named as a OneTrust Data Guidance expert in the field of data privacy in Virginia. Beth’s reputation as a leader in technology and the law is further evidenced by her appointment and election to leadership positions in both of the major bars of the Commonwealth: the Virginia State Bar and the Virginia Bar Association. In 2019, Beth was appointed to serve as Vice-Chair of the Virginia State Bar’s Special Committee on Technology and the Future Practice of Law. She previously chaired the Committee’s subcommittee on cybersecurity. In 2021, she was named to the Virginia Bar Association’s Intellectual Property and Information Technology Section Council. She also served for eight years as an adjunct professor of law at Washington and Lee University Law School, teaching technology-focused classes to law students.

Beth has been recognized repeatedly in Best Lawyers in America listings. She has been named a Virginia Super Lawyers Rising Star in multiple categories and Virginia Business magazine has ranked her in their Legal Elite listings. In 2017, she was named a Virginia Lawyers Weekly “Up & Coming Lawyer,” one of 15 attorneys selected across the Commonwealth for this distinction.

Beth is a frequent contributor to the national online cybersecurity journal Dark Reading, where she authors articles on cybersecurity’s and data privacy’s legal risks.

Beth graduated magna cum laude from Hollins University, with honors in creative writing, where she was also student body president. Beth attended the Sorensen Institute for Political Leadership at the University of Virginia before earning her law degree from the College of William & Mary.


American Bar Association

Virginia Bar Association
Intellectual Property and Information Technology Section Council

Virginia State Bar
Special Committee on the Technology and Practice of Law

Certified Information Privacy Manager (CIPM)

Certified Information Privacy Professional with a European designation (CIPP-E)

Certified Information Privacy Professional with a U.S. designation (CIPP-US)

Washington and Lee Law School
Adjunct Professor

Thought Leadership

Published Articles

Virginia: The CDPA Work Group’s final recommendations | OneTrust DataGuidance | November 23, 2021

Virginia – Cookies & Similar Technologies | OneTrust DataGuidance | September 30, 2021

Mission Critical: What Really Matters in a Cybersecurity Incident | Dark Reading | June 17, 2021

Virginia Takes Different Tack Than California With Data Privacy Law | Dark Reading | February 18, 2021

Virginia: CDPA On Track to be Signed Into Law by Governor | OneTrust DataGuidance | February 11, 2021

To Pay or Not to Pay: Responding to Ransomware From a Lawyer’s Perspective | Dark Reading | November 17, 2020

Ransomware from Your Lawyer’s Perspective | Dark Reading | June 16 | 2020

SOC 2s & Third-Party Assessments: How to Prevent Them from Being Used in a Data Breach Lawsuit | Dark Reading | December 5, 2019

How Network Logging Mitigates Legal Risk | Dark Reading | September 23, 2019

The California Consumer Privacy Act’s Hidden Surprise Has Big Legal Consequences | Dark Reading | August 13, 2019

Attack of the Zombie Fitbit | Lynchburg Business Magazine | June/July 2019

A Lawyer’s Guide to Cyber Insurance: 4 Basic Tips | Dark Reading | July 12, 2019

Incident Response: 3 Easy Traps & How to Avoid Them | Dark Reading | May 23, 2019

How to Help Your Board Navigate Cybersecurity’s Legal Risks | Dark Reading | April 30, 2019

Data in Danger | Lynchburg Business Magazine | August/September 2018

Fire Where There is No Flame: The Constitutionality of Single-Sex Education in the Commonwealth | William & Mary Journal of Women and the Law

Teaching Engagements

Electronic Discovery – W&L Law – Fall 2018

Featured Posts

Speaking Engagements

HIMSS Virginia Chapter | Double Extortion: Responding to Ransomware Incidents from a Lawyer’s Perspective | November 16, 2021

The Virginia Bar Association | A Lawyer’s Guide to Technology Related Liability: Issue Spotting Cybersecurity Risk for Clients | December 7, 2021

Virtual Coffee and Conversations | Cybersecurity 2.0: Beyond the Basics | November 5, 2021

VDH Cyber Talk Series | Ransomeware from a Legal Perspective | October 15, 2021

HIMSS Virginia Chapter - Annual Fall Conference | Double Extortion: Responding to Ransomware Incidents from a Lawyer’s Perspective | September 15, 2021

Virginia Bar Association Summer Meeting | Into the Breach: Practical Guidance on Cybersecurity Incidents | July 23, 2021

VCU School of Business Risk Management and Insurance Program | Into the Breach: Navigating the Risk of Sensitive Data | September 21, 2021

Central Virginia Small Business Development Center | Panel: Future Proofing Your Business with Blockchain | July 7, 2021

Commonwealth Information Security Council Information Security Conference | 2021 Cybersecurity Reboot – Tools for building a cyber resilience | June 24, 2021

OneTrust | Virginia CDPA Lands: What You Need To Know | March 4, 2021

Sycom Technologies & Woods Rogers | Ransomware Readiness and Response | February 9, 2021

Virginia Bar Association | Blockchain: The Intersection of Emerging Technology and an Evolving Legal Landscape | January 22, 2021

Women in E-Discovery Richmond Chapter | Cybersecurity & E-Discovery | January 27, 2021

HIMSS Virginia Chapter | What Healthcare Executives and Board Members Must Know About Enterprise Cyber Risk Management | January 26, 2021

Innovate Lynchburg | Real World Cyber… what’s REALLY going on? | November 17, 2020

Virginia Chapter of the American Society for Healthcare Risk Management | Cybersecurity & Privacy 2020: A Quick Look at Current Concerns | December 17, 2020

AICPA Employee Benefit Plans Conference | Cybersecurity Incident Response: A Walk Through A Data Breach | November 10, 2020

Virginia Bar Association Intellectual Property and Information Technology Section | Attack of the IoT Zombies: Confidentiality, Cybersecurity, and a Lawyer’s Duty | October 29, 2020

RVATech Talks | Richmond Technology Podcast | August 9, 2020

RVA Tech Data Summit | Cybersecurity & Data Privacy | March 11, 2020

2019 FireEye Cyber Defense Summit | Navigating the Labyrinth: A Guide to Board of Director Cybersecurity Legal Risk | October 9, 2019

HalfMoon Education Inc. | Cybersecurity Issues for Engineers | September 25, 2019

Kentucky Credit Union League | Cybersecurity Risk from a Legal Perspective: Top 10 Tips | July 17, 2019

Dark Reading Virtual Summit | Panel: The First 24 Hours: Advice to First Responders in a Critical Data Breach | June 26, 2019

2019 IG3 Mid-Atlantic Conference | Panel: Cybersecurity, Privacy & Data Protection | June 23, 2019

Virginia Information Technology Agency (VITA) | Cybersecurity & Data Privacy | June 5, 2019

Council of Independent Colleges in Virginia | Higher Education Legal Update | May 22, 2019

Annual VA Health Information and Management Systems Society | H.I.T. Advocacy Day | March 14, 2019

Virginia Credit Union League | Cybersecurity | Regulations & Compliance | November 6, 2018

Charlottesville Chamber of Commerce | Mission Possible: Cybersecurity Education & Defense for the Rest of Us | October 25, 2018

ACEC HR Forum | The Role of Human Resources in Securing the Workplace | October 16, 2018

General Counsel Roundtable | Cybersecurity | September 26, 2018

VT Roanoke Center Facts & Snacks | Cybersecurity and Privacy | August 30, 2018

CICV Conference for Chief HR Directors & Chief Financial Officers | Top Challenges in Cybersecurity Facing Higher Education in the 21st Century | June 14, 2018

CICV Technology Conference for Chief Information Officers | Cybersecurity | May 18, 2018

Virginia Community College System Information Security Officer Conference | General Data Protection Regulation | May 17, 2018

Virginia Association of Defense Attorneys—Spring Sections Seminar | Advances in Electronic Medical Records: Key Tactical Issues | May 10, 2018

Virginia Tech Corporate Research Center | European Union General Data Protection Regulation | April 24, 2018

Commonwealth of Virginia Information Security | Privacy and Security from a Legal Perspective | April 13, 2018

Virginia State Bar CLE: Annual Real Estate Seminar | Cybersecurity, Ethics and Real Estate Law | March 2, 2018

12th Annual VA Health Information and Management Systems Society H.I.T. Advocacy Day | Cybersecurity Planning: Insurance & Working with Outside Legal Counsel | January 25, 2018

Virginia Bio | Cybersecurity Incident Response (Webinar) | January 16, 2018


2019 Labor and Employment Seminar Series | October 2 - November 5

37th Annual Labor & Employment Seminar Series | September 20, 2018

Key Legal Issues in Higher Education | March 1, 2018


Lawyer case results depend upon a variety of factors unique to each case. Case results do not guarantee or predict a similar result in any future case undertaken by the lawyer.