Starr Turner Drum

Starr leads the privacy division of Maynard's Cybersecurity & Privacy Practice. She assists clients with everything from developing globally-compliant privacy programs to defending privacy-focused litigation and regulatory investigations.

After clerking for a federal judge for two years, Starr quickly gained expertise and recognition for her work in the privacy space. Starr has successfully developed hundreds of internationally compliant privacy and information governance plans across several sectors and has served as privacy due diligence counsel on over $10 billion in private equity and M&A-related transactions. Starr has also defended numerous state and federal privacy class action and security breach cases and regulatory investigations.

A tireless worker, Starr is known for her depth and breadth of privacy knowledge. She chairs the steering committee of the privacy and cybersecurity-focused working group of the Sedona Conference® and was selected as a Fellow of Information Privacy by the International Association of Privacy Professionals. She is regularly invited to speak on emerging privacy and data issues, such as AI, biometrics, and marketing and data analytics. She also serves as an adjunct professor at The University of Alabama School of Law where she teaches privacy and data security.

“C Spire chose Maynard’s Privacy and Cybersecurity Group, and Starr Drum in particular, because of her ability to assist us in developing solutions to the real world challenges we meet in our businesses every day. Starr has taken the time necessary to learn about our businesses, processes and most importantly our people, so that she can offer the most effective legal counsel, as well as suggestions that are both helpful and practical to assist us in serving our customers while protecting the privacy and security of our data and systems.”
- Chuck McBride, SVP-Legal, General Counsel, C Spire

• Global privacy and compliance advisory services (BIPA, CCPA, GDPR, etc.)
• Marketing and digital media compliance advisory services
• Regulatory investigations
• Privacy and security litigation defense
• Privacy due diligence and risk assessments

Professional Affiliations

• Birmingham Bar Association, Executive Committee (2020-2022)
• Sedona Conference Working Group 11 Steering Committee Chair
• Member of Sedona Conference Working Groups 6 and 11

Civic Involvement

• Board of Governors for City Club of Birmingham
• Birmingham Volunteer Lawyers Program
• Indian Springs School Alumni Council

• The Sedona Conference Commentary on the Enforceability in U.S. Courts of Orders and Judgments Entered under GDPR
• The Sedona Conference Commentary on Ephemeral Messaging
• The Four Ps of Privacy
• A Brief FAQ on the Latest CCPA Amendment Updates
• The Alabama Data Breach Notification Act of 2018
• California’s Sweeping New Law Set to Dramatically Shift Privacy Landscape
• “Responding to GDPR Pushback: The Business Case for Compliance” – International Association of Privacy Professionals
• Privacy Statement Deficiencies Could Have Greater Consequences in 2018
• One Year Until GDPR; Is Your Organization Prepared?

November 2, 2022, “Notice and Consent – Biometric Facial Recognition Data,” The Sedona Conference (Cleveland, OH)

September 15, 2022, “California’s Consumer Privacy Rights Act: Why Should any Arizona Business Care?” ARMA International (Phoenix, AZ)

June 28, 2022, “Global approaches to privacy and cybersecurity-based class action litigation,” The Sedona Conference Working Group 11 International Programme Meeting (Washington, D.C.)

June 22, 2022, “Social Media and the Law,” Public Relations Council of Alabama (Webinar)

April 27, 2022, “Privacy and Data Security Legislative and Regulatory Update,” The Sedona Conference (Phoenix, AZ)

March 10, 2022, “Campus Cybersecurity and Data Privacy – The Path Forward,” ABHES National Conference on Allied Health Education (New Orleans, LA)

October 29, 2021, “Notice and Consent – Biometric Facial Recognition Data,” The Sedona Conference (Houston, TX)

October 28, 2021, “WG 11 Midyear Meeting Town Hall,” The Sedona Conference (Houston, TX)

October 7, 2021, “Cybersecurity and Privacy in Education: Guidelines for Managing and Protecting Data,” CAPPS 37th Annual Conference (San Diego, CA)

September 20, 2021, “Understanding Biometric Data and the Compliance Requirements Associated With Its Use,” SCCE 20th Annual Compliance and Ethics Institute (Las Vegas, NV)

April 15, 2021, “WG 11 Annual Meeting Town Hall,” The Sedona Conference (Webinar)

March 3, 2021, “The Sedona Conference Commentary on Ephemeral Messaging,” The Sedona Conference (Webinar)

October 20, 2020, “Privacy & Security in 2020: What’s Happened and What’s Coming,” Alabama Human Resources Management Conference (Webinar)

September 2, 2020, “Privacy & Security in 2020: What’s Happened and What’s Coming,” Association of Corporate Counsel, Alabama Chapter (Webinar)

July 30, 2020, “The Sedona Conference Commentary on the Enforceability in U.S. Courts of Orders and Judgments Entered under GDPR,” The Sedona Conference (Webinar)

June 24, 2020, “CCPA Enforcement is Right Around the Corner: Best Practices and Tips for Achieving Compliance,” Active Navigation (Webinar)

June 2, 2020, “Operationalizing Privacy and Data Security Compliance in Higher Education,” SCCE 2020 Higher Education Compliance Conference (Webinar)

April 15, 2020, "U.S. Judicial Enforcement of Orders Entered Under the EU General Data Protection Regulation (GDPR)," The Sedona Conference Working Group 11 Annual Meeting 2020 (Webinar)

April 7, 2020, “Staying In Your Privacy Lane: Knowing Your Role and Knowing When to Ask for Help,” IAPP Global Privacy Summit 2020 (Washington, D.C.)*

January 30, 2020, “Privacy in 2020: Where do GDPR and CCPA Stand and What Comes Next,” ControlCase 2020 Data Security and Compliance Summit (Orlando, FL)

November 22, 2019, “There’s An App for That: The ‘Sharing Economy’ and Data Privacy,” Birmingham Bar Association CLE (Birmingham, AL)

July 18, 2019, “Online Privacy: Who’s Monitoring You and How?,” Alabama State Bar Annual Meeting (Point Clear, AL)

June 20, 2019, “U.S. Judicial Enforcement of Orders Entered Under the GDPR,” The Sedona Conference Working Group 11 International Programme Meeting (Hong Kong)

April 3, 2019: “Subject Access Rights Under the GDPR,” International Privacy + Security Forum (Washington, D.C.)

March 8, 2019, “Stuff You Didn’t Learn in Law School: Hot Topics in Privacy and Cybersecurity Law,” Birmingham Bar Membership Forum (Birmingham, AL)

February 28, 2019, “U.S. Judicial Enforcement of Orders Entered Under the EU General Data Protection Regulation (GDPR),” The Sedona Conference Working Group 11 Annual Meeting 2019 (Houston, TX)

February 1, 2019: “Automation and Appellate Advocacy,” Cumberland Law Review Symposium (Birmingham, AL)

November 15, 2018: “GDPR Compliance,” ControlCase 2018 Data Security and Compliance Summit (Ft. Lauderdale, FL)

August 24, 2018: “Navigating the Wild West of Online Privacy in a Rapidly Changing Legal Landscape,” Birmingham Bar Association CLE (Birmingham, AL)

June 28, 2018: “Privacy and Data Security Law: an Overview,” Alabama State Bar Annual Meeting (Sandestin, FL)

April 17, 2018: “Data Privacy and Security Laws: Their Broad Reach and Enforcement.” Birmingham Bar Association Women Lawyers Section CLE (Birmingham, AL)

April 10, 2018: “GDPR Overview and Discussion,” IAPP Birmingham KnowledgeNet Chapter Meeting (Birmingham, AL)

August 24, 2017: “ESI,” Alabama State Bar Lawyer University (Montgomery, AL)

*Postponed due to COVID-19