Lynn C. Percival IV

• International Association of Privacy Professionals
• Carolina Privacy Officials’ Network
• North Carolina State Bar
• North Carolina Bar Association
• Wake County Bar
• Raleigh Chamber of Commerce, Leadership Raleigh, Class 40

• Advised clients based across industry sectors on compliance with the European General Data Protection Regulation and implementation of related compliance requirements, including creation of privacy policies, advice on individual rights mechanisms, response to specific individual rights requests, limitations on secondary use of data, and negotiation of customer and vendor agreements.
• Advised clients on implementing international data transfer mechanisms, including standard contractual clauses and Privacy Shield, and minimizing risk associated with Schrems II decision.
• Advised client on consolidation of compliance efforts to address state privacy laws, including the CCPA, CPRA, the Virginia Consumer Data Protection Act, and the Colorado Privacy Act.
• Managed negotiation of large-scale vendor contract update initiative to address regulatory changes on behalf of Fortune 500 client.
• Negotiated M&A buy- and sell-side transactions involving regulated entities subject to legal regimes including HIPAA, FCRA, GLBA, and GDPR.
• Advised publicly-traded client on creation and implementation of HIPAA compliance program.
• Led privileged privacy-and-data security assessments of a technology client’s organization that incorporated multiple assessment standards and advised on remediation of assessment findings.
• Represented technology clients in connection with negotiation of personal data licensing and Ad Tech agreements.
• Negotiated banking-as-a-service agreements on behalf of bank client.
• Advised clients across industry sectors on large-scale data breaches.
• Advised Fortune 500 client on creation of a telephone outreach compliance program designed to address requirements of the Telephone Consumer Protection Act, Telemarketing Sales Rule, and state law corollaries.
• Managed large-scale project to renegotiate vendor data protection addenda to address requirements associated with the California Consumer Privacy Act.
• Advised Fortune 500 client on implementation of employee-monitoring program, including advice on compliance with Federal Wiretap Act, state law corollaries, and related privacy and data security laws.

• Privacy and Information Security Law Specialist, North Carolina State Bar Board of Legal Specialization
• Certified Information Privacy Professional (United States), International Association of Privacy Professionals

Recent posts from our privacy and data security blog, Practical Privacy.

• Consent Horizon: BetterHelp to Pay $7.8 Million to Settle FTC Claims
• Reading the Tea Leaves: Insights into FTC’s Areas of Focus from Chair Khan’s First Public Address
• Everything is (Somewhat) Illuminated: The EDPB Defines “Transfer”
• The EU Commission’s New SCCs for International Transfers: Top 5 Immediate Takeaways
• Schrems II: What About US-Based Organizations with Consumer-Facing Websites and Apps? (Part 1 of 2)
• Final CCPA Regulations Are Approved and Effective Immediately
• Final CCPA Regs Are Finally Here, Effective Date is Unclear
• Still at the Drawing Board: Unpacking the Third Draft of the California AG’s CCPA Regulations
• Back to the Drawing Board? The Top Ten Impacts of the California AG’s Modified CCPA Regulations (Part 1 of 2)
• Nevada’s New Privacy Law: More Bark than Bite

• SEC’s Pending Proposed Rules on Cybersecurity Incident and Risk Management Disclosure
• Wyrick Robbins Announces Three New Partners
• Wyrick Robbins Announces New Privacy & Data Security Attorneys

• Ethics in Privacy and Data Security Law, North Carolina Bar Association Privacy and Data Security CLE, October 28, 2021
• Preserving Privilege in a Data Breach Investigation After the Capital One Decision, North Carolina Bar Association Privacy and Data Security CLE
• Artificial Intelligence, Cyber Security, and Ethics, NC State Lawyers Annual Meeting & CLE, November 8, 2019
• Marketing and Advertising: Challenges in the Current Privacy Landscape; International Association of Privacy Professionals, Raleigh/Durham KnowledgeNet Chapter Meeting, June 25, 2019
• $1 Million Fine Signals SEC’s Focus on Red Flags Rule and Safeguards Rule Compliance, Nov 18, 2018
• Client Alert: DC Circuit Partially Overturns 2015 FCC Order in Long-Awaited TCPA Ruling, March 16, 2018
• Reining in the FCC: DC Circuit Overturns Some (Not All) of 2015 TCPA Order, International Association of Privacy Professionals, March 23, 2018
• Elliott Davis Decosimo 2017 Risk Management Seminar, Understanding Data Breach Reporting Obligations and Minimizing Legal Risk, May 11, 2017
• Making the Move: Safe Harbor to the Privacy Shield, Triangle Part Eleven and Electronic Stakeholders Meeting, September 22, 2016
• Client Alert: Lessons Learned from Target’s Data Breach Discovery Win – Five Strategies for Maintaining Privilege in the Aftermath of a Data Breach, October 30, 2015
• President Obama’s Security Breach Notification Bill Needs Work, January 16, 2015, J.D. Supra
• Client Alert: New COPPA Rule Now in Effect, July 1, 2013
• Client Alert: Privacy Regulators Take to the Web in Search of Deficient Privacy Policies, May 30, 2013
• Client Alert: HIPAA Risk Analysis, February 6, 2013
• Client Alert: President Obama’s Cybersecurity Executive Order and What it Means for Your Organization, February 14, 2013
• Client Alert: Coping with the Threat of Fraudulent Funds Transfers, October 28, 2012
• Public Policy Favoritism in the Online World: Contract Voidability Meets the Communications Decency Act, 17 Texas Wesleyan Law Review 165 (2011)
• Article I Torture Courts: A Constitutional Means of Compensation and Deterrence? 54 Howard Law Journal 83 (2010)