Attorney Beth Waller

Elizabeth Burgin Waller

Principal | Cybersecurity & Data Privacy Practice Chair

Beth uses her significant experience in technology to counsel clients on cybersecurity risk management, incident response, and privacy laws.

Get To Know Beth

As chair of the Cybersecurity & Data Privacy practice at Woods Rogers, Beth’s practice is fully devoted to cybersecurity, data privacy, and artificial intelligence (AI). Clients ranging from local government and state agencies to mid-market firms and Fortune 200 companies depend on Beth for advice and counsel. Her clients span industries such as banking, healthcare, manufacturing, high-tech, and energy. She has deep experience counseling clients pioneering new technologies, including in the intersection of artificial intelligence (AI) with privacy regulatory concerns.

Beth’s credentials in the field are extensive. She is a certified Privacy Law Specialist by the International Association of Privacy Professionals (IAPP), which is accredited by the American Bar Association. In addition, she is a Certified Information Privacy Professional with expertise in both U.S. and European law (CIPP/US & CIPP/E) and a Certified Information Privacy Manager (CIPM), also from the IAPP.

In addition to client work, Beth contributes thought leadership across the cybersecurity and data privacy communities. In 2022, Beth was appointed by the Governor of Virginia to the Commonwealth’s first Cybersecurity Planning Committee for local and state governmental entities. In 2024, she was named one of Virginia Business magazine's "100 People to Meet" and was featured in as an innovator in the Commonwealth. Beth writes extensively for OneTrust Data Guidance on the nuances of Virginia’s new data privacy law as a OneTrust Data Privacy Expert. Beth is also a frequent contributor to the national cybersecurity journal Dark Reading, where she writes about the intersection of law, privacy, cybersecurity, and technology.

Beth has been recognized repeatedly in lawyer-ranking publications including Best Lawyers in America, Virginia Super Lawyers, and Virginia Business. Virginia Lawyers Weekly has named her among its “Up & Coming Lawyers” and “Influential Women in Law.” She has been featured as a data privacy expert by OneTrust Data Guidance in their international magazine spotlighting global privacy professionals. Most recently, Beth was named among the 2024 Lawdragon 500 Leading Global Cyber Lawyers list. 

The daughter of a winemaker, Beth grew up in the wine industry among vineyards and barrels. Along with a lifelong love of wine, she has cultivated a love of cooking which she shares with her two children. When not navigating complex privacy and cyber issues, she likes trying to explore new recipes and experiment in the kitchen with her son and daughter.


Cybersecurity Experience

  • Beth specializes in high stakes critical infrastructure incident response. This experience has made her adept at guiding rapid recoveries after ransomware incidents, having served as lead counsel in over 50 ransomware recoveries across a broad range of industries and in the critical governmental sector. Beth has successfully led major multi-national incidents from initial encryption to notification to regulatory review.
  • She has deep experience in counseling public traded companies on cybersecurity incident “materiality” determinations under the Securities and Exchange Commission (SEC) guidance and has assisted in the rapid drafting of 8-K and 10-Q publications. She also guides public boards and audit committees directly on cybersecurity risk mitigation and strategy, including through direct engagement by a company’s Board of Directors.
  • Beth has managed incidents in specialized industry fields including finance, healthcare, local government/state agency, and energy. She knows firsthand the nuanced interplay of industry-specific regulations such as GLBA, FERPA, HIPAA, and NERC CIP on incident response.
  • Beth’s work includes helping those in the government and defense contracting space, including reporting considerations for incidents involving confidential or controlled unclassified information and counseling clients on proposed CMMC considerations.

Privacy Experience

  • Beth has helped companies build global privacy programs from the ground up and led major regulatory compliance rollouts including those under GDPR, UK GDPR, PIPEDA, CIPL, LGPB, CCPA, and the ever-emerging field of state-to-state privacy regulations.
  • She has drafted data impact assessments, privacy impact assessments, privacy policies, cookie compliance, transfer impact assessments (and SCCs), and has built programs applying “privacy by design.” She works with her clients daily to spot privacy risks associated with their business’ privacy programs at the local, national, and global levels.

Cybersecurity & Privacy Contract Drafting and Review

  • Beth has negotiated countless information security addendums, data privacy supplements, and both vendor and customer-facing security and privacy contracts on both the customer and supplier side. She also has assisted clients on privacy-related M&A issue spotting, deal terms, and due diligence.
  • With the rise of third-party vendor risk, Beth has developed third-party vendor / supplier vetting programs including by building out vetting programs for large-scale procurement departments and streamlining those programs to capture risk without creating a bottleneck.
  • Beth is a strong proponent of cyber resilience efforts and often advises on cyber insurance on behalf of her private clients. She counsels clients on the protective measures they can take before a cybersecurity crisis strikes, often providing advice to the C-Suite, Audit Committees, and Board of Directors. In this way, she is truly a “CISO’s lawyer.”



William & Mary School of Law, J.D.

Hollins University, B.A., magna cum laude, academic honors in creative writing, student body president

Sorensen Institute, University of Virginia



U.S. Court of Appeals, Federal Circuit

U.S. Court of Appeals, Fourth Circuit

U.S. Court of Federal Claims

U.S. District Court, Eastern District of Virginia

U.S. District Court, Western District of Virginia


  • American Bar Association
  • Privacy Law Specialist (IAPP/ABA)
  • Certified Information Privacy Manager (CIPM)
  • Certified Information Privacy Professional with a European designation (CIPP-E)
  • Certified Information Privacy Professional with a U.S. designation (CIPP-US)
  • Virginia Bar Association, Intellectual Property and Information Technology Section Council, Vice Chair (2023)
  • Washington and Lee Law School, Former Adjunct Professor (8 Years)

News & Insights

Other Publications & Media

Matter results depend upon a variety of factors unique to each case. Past results do not guarantee or predict a similar result in any future matter. Some material on this site may be considered attorney advertising in some jurisdictions.

Jump to Page