Elizabeth Burgin Waller

Beth Burgin Waller is the chair of the Cybersecurity & Data Privacy practice at Woods Rogers. She advises clients on a wide range of technology related issues from complex technology transactions to critical cyber incident response. 

Beth has been at the forefront of the race to build AI infrastructure and technologies. From negotiating multi-million-dollar turbine purchases with original equipment manufacturers (OEMs) to power data centers to navigating privacy compliance with large language model (LLM) buildouts to AI governance concerns, Beth uses her experience to guide clients pioneering all aspects of AI.

She advises market leading clients, including Fortune 200 companies, across a wide range of industries including energy, automotive, high-tech, healthcare, software, pharmaceuticals, and manufacturing, and also provides counsel to state agencies and local governments.

Beth’s credentials in the field are extensive. The prestigious Chambers & Partners ranked Beth among the top cybersecurity attorneys in their U.S. (2025) and global (2026) listings. Clients interviewed by Chambers have described her as a “powerhouse,” who is “vastly knowledgeable, thoughtful, responsive, and down to earth” with “spectacular commercial and technical understanding” and have said that if you “want an issue solved, Beth is your ‘fire and forget.’” Also in 2025, Beth was named a BTI Client Service All Star, with clients saying that she “provides practical advice combined with an understanding of the industry-based risk.”

Beth was appointed by the Governor of Virginia to the Commonwealth’s first Cybersecurity Planning Committee for local and state governmental entities. In 2024, she was named one of Virginia Business magazine's "100 People to Meet" and was featured as an innovator. Beth has been repeatedly recognized in global, national, and statewide lawyer-rankings including the 2025 and 2026 Lawdragon 500 Leading Global Cyber Lawyers list.

She is a certified Privacy Law Specialist by the International Association of Privacy Professionals (IAPP), which is accredited by the American Bar Association. In addition, she is a Certified Information Privacy Professional with expertise in both U.S. and European law (CIPP/US & CIPP/E) and a Certified Information Privacy Manager (CIPM). Beth writes extensively for OneTrust Data Guidance as a OneTrust Data Privacy Expert and is a contributor to Law360. She has been quoted by numerous leading news publications on technology issues including Business Insider, Dark Reading, and The Wall Street Journal.

Technology and Complex Contracting Negotiations

• Beth has successfully negotiated hundreds of contracts across a broad range of industries. From high-risk information security addendums to cloud computing agreements to major master services agreements, Beth has served as lead counsel on contract negotiations ranging from $20M to $1.5B+ in spend. As commercial contracts increasingly incorporate technology-centric terms, Beth has been retained to lead these negotiations and advise on their associated risks.
• Beth has crafted form information security addendums, data privacy agreements, and agreements focused on data protection and AI for Fortune 200 companies to use across their global procurement programs.
• Beth has served as interim data privacy officer in multiple settings and has experience working as a short-term embedded member of large legal departments.
• She had advised General Counsel and Chief Procurement Officers on management of enterprise-wide tech procurement and contracting concerns.

Cybersecurity

• Beth has deep experience in high stakes critical infrastructure incident response. This experience has made her adept at guiding rapid recoveries after ransomware incidents, having served as lead counsel in hundreds of incidents across a broad range of industries and in the critical governmental sector. She has successfully led major multi-national incidents from initial encryption to notification to regulatory review. She also has experience in the nuanced interplay of industry-specific regulations such as GLBA, FERPA, HIPAA, NERC CIP, and the DFARs clauses on incident response.
• Beth has guided public boards and audit committees directly on cybersecurity risk mitigation and strategy, including on materiality concerns and considerations under Securities Exchange Commission (SEC) Guidance.
• She works with key stakeholders in the government and defense contracting space, including reporting considerations for incidents involving confidential or controlled unclassified information (CUI) and counseling clients on CMMC considerations.
• Beth has helped Chief Information Security Officers (CISOs) design tabletop exercises to address emerging risks to best prepare for large-scale global incidents.
• She has reviewed and worked alongside risk management teams building multi-tiered cyber insurance programs and cyber captives.

Artificial Intelligence

• Beth has experience building AI governance programs to comply with emerging AI laws and regulations including the EU AI Act.
• Beth has worked with companies seeking to invest and expand their AI assets, including those engaged in outsourced development of AI tools to augment their commercial enterprises.
• She has crafted AI-centric contract provisions to comply with emerging AI laws and to manage AI-centric risk.

Privacy

• Beth has helped companies build global privacy programs from the ground up and led major regulatory compliance rollouts including those under GDPR, UK GDPR, PIPEDA, CIPL, LGPB, CCPA, and the ever-emerging field of state-to-state privacy regulations.
• Beth has experience with cookie compliance, transfer impact assessments (and SCCs), data impact assessments, and works with her clients daily to spot privacy risks associated with their businesses. 

Recognition

Education

William & Mary School of Law, J.D.

Hollins University, B.A., magna cum laude, academic honors in creative writing, student body president

Sorensen Institute, University of Virginia

Admissions

Virginia

U.S. Court of Appeals, Federal Circuit

U.S. Court of Appeals, Fourth Circuit

U.S. Court of Federal Claims

U.S. District Court, Eastern District of Virginia

U.S. District Court, Western District of Virginia

• William & Mary School of Law, Adjunct Professor of AI, Cybersecurity, and Data Privacy Advanced Negotiations (2025)

• American Bar Association
• Privacy Law Specialist (IAPP/ABA)
• Certified Information Privacy Manager (CIPM)
• Certified Information Privacy Professional with a European designation (CIPP-E)
• Certified Information Privacy Professional with a U.S. designation (CIPP-US)

• with Elaine McCafferty, "Comment: The Necessary Evolution of State Data Breach Notification Laws: Keeping Pace with New Cyber Threats, Quantum Decryption, and the Rapid Expansion of Technology," Washington and Lee Law Review, Winter 2022.
• "Cyber Insurance and War Exclusions," Dark Reading, March 23, 2022.
• "Mission Critical: What Really Matters in a Cybersecurity Incident," Dark Reading, June 17, 2021.
• "Virginia Takes Different Tack Than California With Data Privacy Law," Dark Reading, February 18, 2021.
• "To Pay or Not to Pay: Responding to Ransomware From a Lawyer’s Perspective," Dark Reading, November 17, 2020.
• "Ransomware from Your Lawyer’s Perspective," Dark Reading, June 16, 2020.
• "SOC 2s & Third-Party Assessments: How to Prevent Them from Being Used in a Data Breach Lawsuit," Dark Reading, December 5, 2019.
• "How Network Logging Mitigates Legal Risk," Dark Reading, September 23, 2019.
• "The California Consumer Privacy Act’s Hidden Surprise Has Big Legal Consequences," Dark Reading, August 13, 2019.
• "Attack of the Zombie Fitbit," Lynchburg Business Magazine, June/July 2019.
• "A Lawyer’s Guide to Cyber Insurance: 4 Basic Tips," Dark Reading, July 12, 2019.
• "Incident Response: 3 Easy Traps & How to Avoid Them," Dark Reading, May 23, 2019.
• "How to Help Your Board Navigate Cybersecurity’s Legal Risks," Dark Reading, April 30, 2019.
• "Data in Danger," Lynchburg Business Magazine, August/September 2018.
• "Fire Where There is No Flame: The Constitutionality of Single-Sex Education in the Commonwealth," William & Mary Journal of Women and the Law.