Melinda L. McLellan is a seasoned privacy and cybersecurity specialist currently focused on the regulation of emerging technologies and cross-border data protection law. As co-leader of the firm’s EU General Data Protection Regulation (GDPR) initiative, Melinda works with multinational clients to identify, evaluate and manage the myriad compliance obligations associated with corporate privacy and information security practices.
Her broader practice includes advising on a wide variety of complex privacy and data management issues, including biometrics, securing the Internet of Things, implementation of blockchain technologies, cybersecurity threats to the financial services and energy sectors, autonomous vehicles, genetic privacy, artificial intelligence, Big Data, managing information security incidents, and negotiating complex tech transactions.
- Counsels clients on regulatory compliance strategies and best practices for private-sector use of cloud computing solutions, biometric authentication, facial recognition technology, geolocation tracking systems, mobile applications, behavioral marketing tools, social media platforms, data analytics services and other emerging technologies.
- Manages complex technology transactions on both the vendor side and the customer side, drafting and negotiating multiparty contracts and outsourcing agreements from the RFP through follow-up compliance assessments.
- Works with cross-disciplinary teams to devise and implement clear, concise, non-obtrusive and legally compliant disclosures regarding data management practices as well as opt-in and opt-out mechanisms for the collection, use and sharing of sensitive information.
- Prepares cyber risk exposure analyses, disclosure statements and supporting materials for publicly traded companies and entities preparing for IPOs and other corporate transactions.
- Drafts and negotiates privacy and data security provisions for commercial contracts, including service provider agreements; assists clients with remediation of privacy and data security deficiencies and lacunae in legacy vendor contracts.
- Devises privacy and information security awareness programs and training modules for personnel, typically deploying a multitiered, risk-based approach to account for varying degrees of employee access to, and responsibility for, sensitive data.
- Conducts in-house security training and tabletop exercises to build awareness and help companies prepare to effectively and efficiently manage data security threats and incidents.
- Provides data protection counseling to a variety of technology companies and outsource vendors that offer big data analytics and complex fraud detection and prevention services.
- International Association of Privacy Professionals
- Certified Information Privacy Professional – United States (CIPP/US)
- Certified Information Privacy Professional – Europe (CIPP/E)
- Women in eDiscovery, New York City Chapter
- The Sedona Conference: Working Group 11, Data Security and Privacy Liability
- J.D., Harvard Law School, 2005; Executive Editor, Harvard International Law Journal
- B.A., Political Science and French Studies, Rice University, 2000
Admissions : New York
Rate : $$$$