Burr & Forman

Elizabeth B. Shirley, CIPP/US

Elizabeth B. Shirley, CIPP/US Headshot
  • Certified Information Privacy Professional/United States (2018)
  • J.D. magna cum laude, University of Alabama School of Law (2000)
  • English Ph.D. program, University of Alabama (1996-1997)
  • M.A. English, Virginia Tech (1996)
  • B.A. English, Virginia Tech (1994)



  • U.S. Court of Appeals for the Eleventh Circuit
  • U.S. Court of Appeals for the Fifth Circuit
  • U.S. District Court – Northern District of Alabama
  • U.S. District Court – Middle District of Alabama
  • U.S. District Court – Southern District of Alabama
  • U.S. District Court – Northern District of Mississippi
  • U.S. District Court – Southern District of Mississippi

  • Birmingham Bar Association
  • KnowledgeNet Birmingham Chapter, Co-Chair (2022)
  • Mid-South Super Lawyers, Business Litigation (2016-2021)
  • Alabama Super Lawyers, Business Litigation (2014-2017); "Rising Star," Business Litigation (2010-2013)
  • Birmingham's Best Lawyers
  • Order of the Barristers
  • Order of the Coif
  • Top Attorneys in Alabama
  • Managing Intellectual Property Magazine, IP Star Attorney
    • Represented numerous companies in a wide variety of industries in responding to and managing cybersecurity data breaches, including variations of ransomware with payment demands ranging from six to seven figures. Industries include healthcare, financial institutions, manufacturers, service providers, entertainment, etc.
    • Represented numerous companies in preparing and reviewing privacy policies and ensuring privacy policies are effectively implemented and monitored.
    • Represented companies in drafting contracts to include provisions consistent with applicable privacy laws, such as CCPA, GDPR, FTC’s recommendations and best practices, etc.
    • Advised companies and drafted policies and procedures concerning maintenance of personal information, consumers’ and employees’ rights with regard to their personal information, incident response plans, security procedures, etc.
    • Advised companies in a wide variety of industries in complying with applicable data breach notification laws, including U.S. state, federal (GLBA, HIPAA, etc.), and international privacy laws.
    • Assisted companies with the process of sending out data breach notification letters and arranging related services such as call centers and credit monitoring.
    • Represented companies in disputes with consumers and vendors arising from data incidents.
    • Represented companies in responding to requests for personal information by consumers.
    • Represented franchisor in dispute with franchisee, which went to arbitration.
    • Represented Fortune 500 company in franchise dispute against franchisor, which went to a jury trial.
    • Represented private equity company in dispute over control, which went to arbitration hearing.
    • Represented accounting firm in accounting and breach of fiduciary disputes with former partners.
    • Represented companies in disputes with software developers over nature and quality of software, as well as full access to software functionalities.
    • Represented company against former investment banking firm and former auditing firm for fraud, malpractice, and breach of contract.
    • Represented companies in commercial collection actions.
    • Represented financial institutions in suits by consumers alleging violations of federal and state laws.
    • Represented minority ownership interests in attempted (failed) squeeze-out, which went to a bench trial.

Partner | Birmingham, AL

  • Phone
  • social


Commercial / Corporate Litigation Cybersecurity & Data Privacy Franchise & Distribution Intellectual Property Blockchain, Cryptocurrency and Electronic Transactions Appellate

Elizabeth’s practice is focused on cybersecurity and data privacy issues, as well as commercial litigation. Her career at Burr & Forman spans more than 20 years.

She advises clients on data privacy law compliance, responding to and investigating data breaches, cybersecurity, breach notifications pursuant to applicable laws, preparation of data privacy and security policies and procedures, electronic contracts and signatures, and related litigation.

She walks companies through the full scope of a data breach, including negotiating ransom demands from threat actors, retaining vendors to investigate and remediate systems, reporting the activity to appropriate authorities, and sending out notifications to customers. She also specializes in emerging data privacy legislation and helps companies draft policies that are in compliance with varying rules in each state.

Elizabeth holds a CIPP/US certification as a Certified Information Privacy Professional and represents companies of varying sizes and industry sectors in cybersecurity matters.

Additionally, she is experienced in commercial litigation, specifically focusing on business disputes, breach of contract, fraud, statutory violations, intentional interference, and other tort claims. She has litigated in the areas of technology and software development, healthcare, environmental, intellectual property, employment, financial and investment institutions, municipalities, construction, and other subject matters.

Elizabeth has tried numerous cases in federal and state court jury and non-jury trials, as well as arbitrations, throughout her career. These trials range from corporate liability for monetary damages, to corporate and municipal liability for bodily harm.

She is part of several of the firm’s teams and practice groups, including Cybersecurity & Data Privacy; Blockchain, Cryptocurrency, & Electronic Transactions; and Commercial Litigation.