Earlier this year, the NCBarBlog spotlighted Opt-Inspire, and North Carolina became the first state to grant pro bono credit to attorney volunteers delivering our digital safety sessions. Since then, our presentations have been approved by the IAPP (formerly known as International Association of Privacy Professionals) for Continuing Privacy Education (CPE) credit (3.0 CPEs for a volunteer’s first presentation; 1.0 thereafter for CIPP/A, CIPP/C, CIPP/CN, CIPP/E, CIPP/US, CIPM, CIPT).
On October 1, 2025, in honor of Cybersecurity Awareness Month, we’re launching #1MSecureTogether along with a student-run nonprofit focused on enhancing digital literacy for older adults, Tech Me Kid. #1MSecureTogether is a nationwide push to equip one million people in one year with practical digital safety skills (by October 1, 2026).
https://ncbarblogprod.wpengine.com/wp-content/uploads/2018/06/Blog-Header-1-1030x530.png00Privacy and Data Securityhttps://ncbarblogprod.wpengine.com/wp-content/uploads/2018/06/Blog-Header-1-1030x530.pngPrivacy and Data Security2025-08-18 16:51:372025-08-18 16:54:52North Carolina Helped Us Start a Movement, and Now We’re Aiming for 1 Million Safer
Two recent personal events had me thinking lately about the tension between innovation and individual rights, and the risk decisions we make to find a happy medium. The first event was the purchase of a car, necessitated by someone rear-ending my 2004 Honda. Being from Cleveland, it is logical to me to drive a vehicle into the ground, and I was perfectly happy with my ride. (So were the mice in our garage, but that is another story. I will say, however, that Irish Spring soap does work.) Although my kids derided me about the low tech, I didn’t realize what I was missing until I started driving the new car – a previously owned 2019 model with a more fulsome tech package. I had a fleeting thought about vetting the apps before connecting my personal devices, but with the promise of life-changing results, I forged ahead and am happily enjoying the benefits. An easy risk decision. The second event was our power going out as a result of a recent storm. Our power did not just go out for a few hours like our neighbors. Instead, when the electric company fixed the problem, the power surge killed our aging breakers, and we were without power – for over . . . twenty . . . four . . . hours. (Ellipses for dramatic effect. It actually wasn’t so bad.) I learned, however, that a high-end smart breaker panel may have given us some warning, and at the very least saved me from a bad hair day. But smart devices mean sharing information. And again, there’s that tension.
https://ncbarblogprod.wpengine.com/wp-content/uploads/2018/06/Blog-Header-1-1030x530.png00Privacy and Data Securityhttps://ncbarblogprod.wpengine.com/wp-content/uploads/2018/06/Blog-Header-1-1030x530.pngPrivacy and Data Security2025-07-29 14:02:582025-08-18 09:48:45The Chair's Column, July 2025
Can you imagine a time when the internet was foreign, unknown, and unexplored by the common lawyer? For many lawyers, the early 1990s was such a time. The release of the Mosaic web browser on January 23, 1993, introduced the internet to the general public and popularized the World Wide Web. Mosaic’s features made the web more visually appealing and accessible. Mosaic’s graphical user interface allowed users to visually navigate the web using icons, buttons and menus, rather than text-based commands. Images were integrated with their accompanying text, not shown in a separate window. Clickable hyperlinks allowed navigation between web pages. The intuitive interface and easy installation process appealed to a broader audience, including those who were not technically inclined, and earned Mosaic the title of “user friendly.” Mosaic influenced further developments such as web browsers (e.g., Netscape Navigator in 1994 and Internet Explorer in 1995), e-commerce (e.g., Amazon founded in 1994 and eBay founded in 1995), online communities (e.g., GeoCities founded in 1994), and search engines (e.g., Yahoo! Search in 1994).
https://ncbarblogprod.wpengine.com/wp-content/uploads/2018/06/Blog-Header-1-1030x530.png00Privacy and Data Securityhttps://ncbarblogprod.wpengine.com/wp-content/uploads/2018/06/Blog-Header-1-1030x530.pngPrivacy and Data Security2025-01-21 12:03:542025-01-21 12:20:33From Dial-Up to Deep Learning: Looking Back and Looking Forward
The North Carolina Bar Association is proud to launch the “Opt-Inspire Initiative,” a new pro bono program that empowers seniors with critical digital literacy skills to safeguard themselves from scams and bridge the generational digital divide. Designed by Alexandria (Lexi) Lutz, Senior Corporate Counsel at Nordstrom, where she focuses on privacy, cybersecurity, and artificial intelligence, this initiative addresses the dual challenges of preventing scams and fostering digital connection among seniors.
https://ncbarblogprod.wpengine.com/wp-content/uploads/2018/06/Blog-Header-1-1030x530.png00Privacy and Data Securityhttps://ncbarblogprod.wpengine.com/wp-content/uploads/2018/06/Blog-Header-1-1030x530.pngPrivacy and Data Security2025-01-06 11:49:482025-01-06 11:49:48Empowering Seniors Through the Opt-Inspire Initiative
Viewing Locations: Raleigh, NC, Charlotte, NC, or Virtual Zoom
The NCBA Privacy & Data Security Section proudly presents an exclusive Fireside Chat featuring the esteemed Irene Liu, Founder of Hypergrowth GC and Executive in Residence at the UC Berkeley School of Law. Irene brings a wealth of knowledge and experience in artificial intelligence and privacy law.
https://ncbarblogprod.wpengine.com/wp-content/uploads/2018/06/Blog-Header-1-1030x530.png00Privacy and Data Securityhttps://ncbarblogprod.wpengine.com/wp-content/uploads/2018/06/Blog-Header-1-1030x530.pngPrivacy and Data Security2024-11-12 09:09:102024-11-12 09:18:05Join Us for an Exclusive NCBA Privacy & Data Security Section Fireside Chat on Navigating AI With Irene Liu, AI Advisor
Have you asked yourself how you could better balance the workload among your team members? Enhance your team’s collaborative environment? Nurture your team members and utilize their skills to best meet the client’s objectives? And, speaking of IoT, what are ways that teams work together to ensure compliance with global IoT legal requirements?
Please register soon and join us for the Fireside Chatwith Rob Keller, Senior Director and Associate General Counsel with Cisco, on October 8, 2024, at 3 p.m. Eastern Standard Time, to hear about these issues. Even if you don’t practice in the IoT arena, you are sure to gather insights into teams that you can carry into your own practice. Our own NCBA Privacy & Data Security Section’s Shannon Ralich will host Monday’s Fireside Chat, bringing her experience as Head of Global Privacy & AI at JFrog to the discussion in what promises to be a great event.
The Privacy & Data Security Executive Council looks forward to your attendance! We hope you can come!
https://ncbarblogprod.wpengine.com/wp-content/uploads/2018/06/Blog-Header-1-1030x530.png00Securityhttps://ncbarblogprod.wpengine.com/wp-content/uploads/2018/06/Blog-Header-1-1030x530.pngSecurity2024-10-02 09:31:292024-10-02 10:17:01Upcoming Fireside Chat and Message From the PDS Communications Chair
According to a study from January 2016 to December 2021,[1] 374 ransomware attacks on U.S. health care delivery organizations exposed the Protected Health Information (PHI) of nearly 42 million patients. The cybercriminals demand ransom to unencrypt the exfiltrated medical data, and, as such, create a direct threat to public health and safety. In addition, if the facility refuses to pay, some hackers have started posting the sensitive health data on the dark web. Moreover, some of the breached facilities are being sued on behalf of the patients whose data was compromised. Consequently, these recent cyberattacks on health care have significantly increased the cost of cyber insurance. Here are a few examples of recent cyberattacks in health care.
https://ncbarblogprod.wpengine.com/wp-content/uploads/2018/06/Blog-Header-1-1030x530.png00Privacy and Data Securityhttps://ncbarblogprod.wpengine.com/wp-content/uploads/2018/06/Blog-Header-1-1030x530.pngPrivacy and Data Security2023-03-08 11:21:012023-03-08 11:56:41Recent Cyberattacks on Health Care and the Consequences
I could not help but compare and contrast this year’s trip to Washington, D.C., for the IAPP’s Global Privacy Summit to the last one I attended, which was in 2019.
The venue was the same (the Convention Center in Washington, D.C.), and being in the building felt, at times, like I had traveled back in time. But then I remembered I was in 2022 when I attended the sessions or met with privacy professionals during breaks in the programming.
This year, many of the sessions were focused on how we can lawfully transfer data from Europe to a third country instead of 2019’s focus of getting ready for the U.S.’s first comprehensive state privacy law, the California Consumer Protection Act (CCPA). In 2019, we were making predictions about CCPA and its enforcement. We have lived with the CCPA for two years now and have more to prepare for as we get ready for three new (perhaps four with Connecticut?) U.S. state privacy laws that will take effect in 2023. Plus, there are changes coming to California under the California Privacy Rights Act. New topics also emerged, including how to protect teens’ and kids’ data in the U.S. (is it through a self-regulatory framework, updates to the federal Children’s Online Privacy Protection Act, a new federal law, or a combination of all of these?).
https://ncbarblogprod.wpengine.com/wp-content/uploads/2018/06/Blog-Header-1-1030x530.png00Privacy and Data Securityhttps://ncbarblogprod.wpengine.com/wp-content/uploads/2018/06/Blog-Header-1-1030x530.pngPrivacy and Data Security2022-05-16 15:01:352022-06-17 16:23:13Reflections on 2022's IAPP Global Privacy Summit
After two-plus years of mostly attending CLEs, webinars, and other knowledge-building events via Zoom, Teams or some other virtual platform, it was great to get together with like-minded privacy professionals in Washington, D.C., April 10-13 for the 2022 IAPP Global Privacy Summit. I’ll be honest, I did not know what to expect from an actual in-person conference and networking event, but the IAPP and its speakers and sponsors did not disappoint.
From headliners like Apple CEO Tim Cook and FTC Chair Lisa Khan to a plethora of informative breakout sessions, GPS was a great way to brush up on a variety of current topics. Throw in getting to spend some quality time catching up with folks I have not seen in several years (or in some cases had only met virtually over the last two), and it was a good time all around. One pro tip on navigating the large crowds at GPS is and always has been to find a few folks you know to pal up with for sessions and networking events. As the only person from my firm at GPS this year, it was great to have folks from our NCBA Privacy and Data Security Section family to team up with on occasion —just one more reason to be active in the section!
https://ncbarblogprod.wpengine.com/wp-content/uploads/2018/06/Blog-Header-1-1030x530.png00Privacy and Data Securityhttps://ncbarblogprod.wpengine.com/wp-content/uploads/2018/06/Blog-Header-1-1030x530.pngPrivacy and Data Security2022-05-11 16:10:352022-06-17 16:29:09Key Takeaways from the IAPP Global Privacy Summit 2022
The following excerpt is part of a series of blog posts on topics that will be discussed at the NCBA Privacy and Data Security Section Annual CLE. If you are interested in learning more, then please join us. Register for the program here.
Imagine it is a Friday afternoon. A doctor at the hospital you work for as in-house counsel or as outside counsel to the hospital calls you in a frenzy. All her computers are locked up by some malicious software demanding a ransom. The ransom note says patient records will be sold if she does not pay the ransom. She asks what she should do next: should she pay the ransom? Should she contact law enforcement? Is she going to need to notify her patients or government officials or the medical board?
The U.S. privacy laws are a patchwork of state and federal regulations. Whether you practice in the privacy and data security space or not, these issues will likely one day affect your organization where you work as in-house counsel or your clients calling you as outside counsel for help. In this digital world we live in, all attorneys can benefit from understanding the basics of how to respond to an alleged security incident.
https://ncbarblogprod.wpengine.com/wp-content/uploads/2018/06/Blog-Header-1-1030x530.png00Privacy and Data Securityhttps://ncbarblogprod.wpengine.com/wp-content/uploads/2018/06/Blog-Header-1-1030x530.pngPrivacy and Data Security2021-10-19 10:08:132021-10-19 10:08:13Do You Know How to Respond in the Event of a Security Incident?
By 
By 
By 
By 
By 
By 
By