Caroline O. Outten, CIPP-US

Attorney and Certified Information Privacy Professional
Ward and Smith, P.A.
919.277.9147 Fax 919.277.9177
Post Office Box 33009, Raleigh, NC 27636-3009

Caroline is certified by the International Association of Privacy Professionals (IAPP) as a Certified Information Privacy Professional – United States (CIPP/US) and her practice encompasses a broad range of business law and privacy and data security matters. 

Caroline routinely assists clients with the formation of new business entities, stock purchase transactions, asset purchase transactions, and contract drafting and negotiation.  She also advises planned communities and community association boards regarding corporate governance and rule adoption and enforcement.

As a member of the Privacy and Data Security Group, she regularly counsels clients across multiple industries, including the retail, technology, education, health care, and financial sectors, on a number of privacy and data security issues.  Caroline assists clients on compliance matters involving HIPAA, GLBA, FCRA, TCPA, CAN-SPAM, COPPA, FERPA, and other federal and state laws, and she regularly counsels clients in preventing, mitigating, and responding to data breaches and security incidents.  Additionally, Caroline drafts compliance programs, terms and conditions, privacy notices, vendor agreements, and text and email outreach programs for clients of all sizes.


  • J.D., with honors, The University of North Carolina School of Law, 2016. Staff Member, North Carolina Law Review, North Carolina Pattern Jury Instructions Committee.
  • B.A., with distinction, The University of North Carolina at Chapel Hill, 2011

Representative Experience

Caroline's Business experience includes:

  • Representing small to mid-sized businesses in multi-million dollar asset purchases and sales
  • Assisting planned communities in homeowner disputes, governing document amendments, subcontractor and vendor agreement negotiations, and civil suits
  • Advising homeowners in challenging unlawful rental restrictions in planned communities
  • Creating charters, video policies, collection policies, communication policies, rules and regulations governing use of amenities, and internal governing processes for homeowners associations throughout North Carolina
  • Performing policy analysis of proposed legislation implicating state environmental, health, and tax laws

Caroline's Data Privacy and Security experience includes:

  • Representing national construction company in multi-state data breach, including preparation of notification letters and coordination with state attorney general offices and law enforcement
  • Assisting global retail company in ransomware attack impacting customers in the U.S., Canada, Germany, and Japan
  • Drafting Privacy Notices and Terms of Use for small to mid-sized technology companies in compliance with applicable state and federal laws
  • Representing local software company in pursuing security incident involving employee data theft
  • Counseling health care providers on HIPAA compliance and breach notification requirements in connection with loss and theft of patients' protected health information
  • Creating CAN-SPAM and Telephone Consumer Protection Action compliant direct marketing initiative policy for nationally-recognized background screening company
  • Advising local charter schools on COPPA and FERPA requirements in students' use of school-provided electronic devices

Honors and Distinctions*

  • Certified Information Privacy Professional – United States (CIPP/US)

Professional and Community Affiliations

  • International Association of Privacy Professionals (IAPP)
  • North Carolina Bar Association – Division:  Young Lawyers
  • North Carolina Bar Association – Sections:  Business Law, Health Law
  • Member, Friends of Wake Med
  • Member, Poe Young Professionals, Alice Aycock Poe Center for Health Education
  • Member, North Carolina Medical Group Management Association

Admitted to Practice

North Carolina, 2016

About Me

One of my professors in law school joked that the reason we all chose to become attorneys was because we hated the sight of blood and couldn't hack it as doctors (true, at least in my case).  But I also became a lawyer because I truly believe that no one has ever become poor by giving, and the legal profession allows me to give back to my community every single day.

* Please see the following websites for an explanation of the membership standards for the following recognitions:;; and

An attorney‑client relationship may only be established through direct attorney‑to‑client communication that is confirmed by the execution of an engagement agreement. The content of any unsolicited email sent to Ward and Smith, P.A., or to any of its attorneys at an email address available on this website, will not create an attorney‑client relationship and the contents of such unsolicited email shall not be considered confidential. Therefore, do not use this website or the email addresses available on this website to provide confidential information about yourself or a legal matter to Ward and Smith or any of its attorneys.