I recently had an opportunity to talk with Tara Cho, a board certified specialist in privacy and information security law. Tara chairs Womble Bond Dickinson (US) LLP’s Privacy and Cybersecurity Team. Her practice is dedicated to counseling clients on privacy and data security issues across industries such as technology, retail, e-commerce, and life sciences, with an emphasis on compliance risks and regulatory requirements affecting the healthcare and healthtech sector. Tara became certified as a legal specialist in Privacy and Information Security Law by the North Carolina State Bar Board of Legal Specialization in 2018 as a member of the inaugural class of specialists in this field. She is also recognized by the International Association of Privacy Professionals (IAPP) as a certified information privacy professional for both the US (CIPP/US) and Europe (CIPP/E).

Q: Please tell me where you attended college and law school and a little about your path to your current position.

I went to Rhodes College for undergrad—it’s a small liberal arts college in Memphis, TN—and attended New England Law in Boston, MA. When I started law school, I knew that I wanted to pursue a career in healthcare law, ideally working in-house for a hospital or health system. At the start of my 1L summer, I began clerking for a firm that represented an extensive healthcare system, its physician/provider groups, and related entities. In that role, I gained valuable insight into the many regulatory and privacy issues stemming from the Health Insurance Portability and Accountability Act (HIPAA) and found that I enjoyed working in the compliance and data privacy space.
After graduation, I moved to North Carolina and began my first in-house role at IQVIA (then Quintiles). One of my mentors (Dr. Judith Beach) was the global privacy officer and regulatory counsel, and a long-standing leader in this space. Seeing into the future, she encouraged me to expand my expertise in the ever-growing requirements for data protection. I eventually transitioned to private practice and have spent the last ten years building a practice focused on privacy and data security law. Because the regulatory landscape is so new and not established in longstanding case law, we have the opportunity to develop creative compliance strategies that evolve alongside technology and data-driven innovations, which is an aspect I really enjoy.

Q: Why did you pursue board certification?

Thanks to the leadership of Matt Cordell and Elizabeth Johnson (chair and vice-chair, respectively, of the committee for this specialty) and the work of many others, North Carolina was the first state to recognize this specialty. It was an honor to sit for the exam with the inaugural class of specialists and shine the light on a substantive practice area that may not have been fully understood until recent years. With the enactment of new legislation, a hyper-focus on mega data breaches, and high-profile cases questioning the risk-benefit and potential invasion of privacy associated with new technologies, many consumers and professionals are now keenly aware of the need for expertise in this space. This certification also allows experienced attorneys to differentiate themselves from others who may be less experienced or not fully immersed in these issues on a full-time basis.

Q: Are there any hot topics in your specialty area right now?

We have seen tremendous activity in this practice area in the last few years. Consumers are more aware of the risk associated with their data, and businesses are very much aware of the business potential for data intelligence and large data sets. This awareness has given rise to a flurry of new legislation worldwide and even state-by-state here in the United States. Domestically, there is a sectoral approach to privacy and security regulation, applying set standards to specific industries, including healthcare and financial institutions (both of which have longer-standing regulations). However, states like California have implemented legislation intended to protect the personal data of state residents. The result is differing requirements state-to-state and overlapping or conflicting requirements between state and federal regulation, which creates compliance challenges, particularly for businesses that operate online (across many jurisdictions).

Q: How does specialization benefit the public? The profession?

Board certification is not a one-time exam, but rather an ongoing commitment to devote a defined number of hours to the practice of privacy and information security law, meet standards set forth by the Bar and the Board of Legal Specialization, and maintain continued education. This specialization is regulated by a trusted and unbiased source, and it enables the general public to identify and utilize a pool of qualified practitioners who have a demonstrated expertise in a narrow specialty.

Q: Has your practice area been impacted substantially by the current pandemic situation?

The pandemic has impacted every industry, including the legal sector. In my practice, the abrupt migration to remote working arrangements, development and implementation of technologies that facilitate remote workforce, and new technologies affiliated with COVID-related initiatives such as contact tracing and other pandemic-specific issues have raised novel privacy questions and data security implications. All this while the first-of-its-kind omnibus privacy law—the California Consumer Privacy Act—took effect in January 2020, became enforceable in July, and was subsequently amended by a California ballot initiative that just passed in November. Simultaneously, there have been big waves related to European data protection requirements, proposed privacy bills across states and federal levels, and a rapid increase in cyberattacks and data breaches. These (and more) have substantially impacted my practice area and companies (and individuals) in every industry.

Q: What would you say to encourage other lawyers to pursue certification?

It is a great way to boost your credibility in a competitive area—one that is more recently flooded with nonattorney professionals and even automated technology and packaged products that aim to address compliance and related issues. The rigorous requirements and ongoing commitment demonstrate an elevated level of expertise—well worth the investment. 

For more information on board certification for lawyers, visit us online at nclawspecialists.gov. The application period for 2021 opened on March 1st.