Bridget L. Welborn
Bridget is a member of the firm’s Privacy & Data Security Practice Group. Her practice encompasses all aspects of U.S. privacy and data security laws, such as the Gramm-Leach-Bliley Act (GLBA), the Fair Credit Report Act (FCRA), CAN-SPAM, HIPAA, federal and state data breach notification laws. She routinely counsels clients on privacy and data security laws, including the California Consumer Privacy Act, the California Privacy Rights Act, the Colorado Privacy Act, the NYDFS Cybersecurity Regulation, and the Virginia Consumer Data Protection Act.
Bridget represents clients in the financial services, insurance, healthcare, technology, and retail industries. Her experience includes assisting clients with compliance program development and implementation, privacy and data security issues in technology implementation, data use issues, and incident response. She also advises clients on transactions implicating privacy and data security issues and provides strategic advice to minimize the related cyber and legal risks.
Previously, Bridget served as the Chief Privacy and Risk Officer for the second largest credit union in the U.S. and prior to that as the privacy officer for a large financial institution headquartered in Raleigh, North Carolina. She understands the challenges that the financial services industry faces in navigating the complex landscape of privacy and data security law.
Bridget received her B.S. from the Gillings School of Global Public Health at the University of North Carolina and her J.D., cum laude, from the University of Richmond.
Bridget is admitted to practice in North Carolina, New York, and Virginia.
- International Association of Privacy Professionals
- North Carolina State Bar
- North Carolina Bar Association – Privacy and Data Security Section
- Wake County Bar Association
- Certified Information Privacy Professional, U.S. (CIPP/US), International Association of Privacy Professionals (IAPP), 2018-present
- Credit Union Enterprise Risk Management Expert, Credit Union National Association, 2023
Recent posts from our privacy and data security blog, Practical Privacy.
- Maybe Not Practical After All: HUD Proposes Revised Cyber Incident Reporting Requirement for FHA-Approved Mortgagees
- Possible… but Practical? HUD’s New 12 Hour Cyber Incident Reporting Requirement for FHA-Approved Mortgagees
- A Million Here, A Million There: Avast Sets the Record for the Highest Monetary Remedy for FTC Act Privacy Violations