Overview
Beth Shirley's practice is focused on cybersecurity and data privacy issues, as well as commercial litigation. Her career at Burr & Forman spans more than 20 years.
She advises clients on data privacy law compliance, responding to and investigating data breaches, cybersecurity, breach notifications pursuant to applicable laws, preparation of data privacy and security policies and procedures, electronic contracts and signatures, and related litigation.
She walks companies through the full scope of a data breach, including negotiating ransom demands from threat actors, retaining vendors to investigate and remediate systems, reporting the activity to appropriate authorities, and sending out notifications to customers. She also advises on emerging data privacy legislation and helps companies draft policies that are in compliance with varying rules in each state.
Beth holds a CIPP/US certification as a Certified Information Privacy Professional and represents companies of varying sizes and industry sectors in cybersecurity matters. She is also a Certified Information Privacy Manager by IAPP.
Additionally, she is experienced in commercial litigation, specifically focusing on business disputes, breach of contract, fraud, statutory violations, intentional interference, and other tort claims. She has litigated in the areas of technology and software development, healthcare, environmental, intellectual property, employment, financial and investment institutions, municipalities, construction, and other subject matters.
Beth has tried numerous cases in federal and state court jury and non-jury trials, as well as arbitrations, throughout her career. These trials range from corporate liability for monetary damages, to corporate and municipal liability for bodily harm.
She is part of several of the firm’s teams and practice groups, including Cybersecurity & Data Privacy; Blockchain, Cryptocurrency, & Electronic Transactions; and Commercial Litigation.
Experience
- Represented numerous companies in a wide variety of industries in responding to and managing cybersecurity data breaches, including variations of ransomware with payment demands ranging from six to seven figures. Industries include healthcare, financial institutions, manufacturers, service providers, entertainment, etc.
- Represented numerous companies in preparing and reviewing privacy policies and ensuring privacy policies are effectively implemented and monitored.
- Represented companies in drafting contracts to include provisions consistent with applicable privacy laws, such as CCPA, GDPR, FTC’s recommendations and best practices, etc.
- Advised companies and drafted policies and procedures concerning maintenance of personal information, consumers’ and employees’ rights with regard to their personal information, incident response plans, security procedures, etc.
- Advised companies in a wide variety of industries in complying with applicable data breach notification laws, including U.S. state, federal (GLBA, HIPAA, etc.), and international privacy laws.
- Assisted companies with the process of sending out data breach notification letters and arranging related services such as call centers and credit monitoring.
- Represented companies in disputes with consumers and vendors arising from data incidents.
- Represented companies in responding to requests for personal information by consumers.
- Represented franchisor in dispute with franchisee, which went to arbitration.
- Represented Fortune 500 company in franchise dispute against franchisor, which went to a jury trial.
- Represented private equity company in dispute over control, which went to arbitration hearing.
- Represented accounting firm in accounting and breach of fiduciary disputes with former partners.
- Represented companies in disputes with software developers over nature and quality of software, as well as full access to software functionalities.
- Represented company against former investment banking firm and former auditing firm for fraud, malpractice, and breach of contract.
- Represented companies in commercial collection actions.
- Represented financial institutions in suits by consumers alleging violations of federal and state laws.
- Represented minority ownership interests in attempted (failed) squeeze-out, which went to a bench trial.
Honors & Recognitions
- International Association of Privacy Professionals (IAPP) Advisory Board Member (2024)
- National Association of Women Lawyers (NAWL) Leadership Program (2023)
- Mid-South Super Lawyers, Business Litigation since 2016
- Listed in The Best Lawyers in America®: Commercial Litigation since 2023; Privacy and Data Security Law since 2025
- Alabama Super Lawyers, Business Litigation (2014-2017); "Rising Star," Business Litigation (2010-2013)
- Birmingham's Best Lawyers
- Top Attorneys in Alabama
- Managing Intellectual Property Magazine, IP Star Attorney
Newsroom
News
Speaking Engagements
Events
Articles
Podcasts
Professional & Community
Professional Activities
- Birmingham Bar Association
- Co-chair, KnowledgeNet Birmingham Chapter (2022)
- Board Member, University of Alabama's Culverhouse Executive Cyber Advisory Board
Paralegal/Assistant
Legal Practice Assistant
Teresa McCollum
(205) 458-5265
tmccollum@burr.com