Melissa K. VentroneMelissa Ventrone Clark Hill
Melissa K. Ventrone
Melissa K. Ventrone is a Member in the firm’s Chicago office where she addresses her clients’ cybersecurity needs. She reacts swiftly and decisively when she is enlisted on a cybersecurity breach. As a Leader of the Cybersecurity, Data Protection & Privacy team, she focuses her experienced group of first responders, including lawyers and forensic investigators, on around-the-clock management of a situation and minimizes damage by working to limit any public or regulatory fallout. Melissa is also a Co-chair of the firm's ASSET360 team, that helps to identify, mitigate and respond to cyber and data risks from a legal and technical perspective. When not managing her clients’ urgent breach concerns, Melissa is a proactive consultant in managing data privacy and security risks. She is also a zealous courtroom advocate in cybersecurity litigation.
Melissa is a Certified Informational Privacy Professional (CIPP/US).
Melissa’s experience extends from small breaches impacting a few hundred people to larger breaches impacting millions on behalf of merchants, financial institutions, medical providers and educational institutions. Melissa and her team work with clients to preserve evidence, determine a breach's scope, document the response and craft communications that both meet legal requirements and protect a company's brand. She also advises on establishing incident call centers and staff training, and formulates other methods to protect impacted individuals from potentially negative outcomes.
Melissa a track record of success in defending companies facing data security and privacy litigation, including class actions. She has represented a variety of clients in multiple industries in disputes related to privacy, invasion of privacy, contracts, consumer fraud, statutory claims and other matters. She has litigated cases of first impression establishing favorable law, including obtaining summary judgment in a class action case alleging damages from the theft of a hard drive, and successfully defending a merchant against a class action arising out of a credit card breach.
Cybersecurity risk management
Melissa advises clients on compliance with state, federal and international laws and regulations. She helps companies ensure that policies, procedures and cyber crisis response plans are sufficient. Melissa runs breach simulation exercises, which are very useful tools for training, testing and enhancing a company's response time in a breach situation. When vulnerabilities are found, Melissa works with management teams, boards of directors, vendors, outside consultants and other third parties to build and execute risk-reducing action plans.
In addition, Melissa drafts and negotiates contractual agreements concerning data use and retention and privacy and security, including cloud computing contracts. She also serves as a first responder for situations involving use or misuse of computers and other devices.
Background of Service
Melissa's leadership abilities extend beyond her legal practice. She recently completed a distinguished 21 years of service in the Marine Corps Reserve, holding several key positions, including Company Commander for a 200-person unit, Executive Officer for a 329-person company deployed to Afghanistan, Operations Officer for a 1,000-person motor transport battalion, and the Logistics Officer for Combat Logistics Regiment 4. She also volunteers as an ombudsman for the Employer Support for the Guard and Reserve in which she serves as a mediator on employment-related disputes.
- Mobilized to file a temporary restraining order preventing an Internet service provider (ISP) from permitting an unauthorized individual, who had changed the access codes for the account, from gaining further access to the account or data within the account.
- Assisted a company with domain names that had been hacked and transferred to a different ISP. Mobilized in the appropriate jurisdictions and filed documents with the court to be heard on an emergency basis, requesting the domains be transferred back to the appropriate ISP. The court granted the request, preventing the company from suffering any further harm.
- Successfully defended a health care performance improvement company in class action litigation resulting from a stolen hard drive that contained personally identifiable information. Plaintiff alleged that client was negligent and violated consumer fraud statutes because it failed to properly protect the information on the hard drive, resulting in emotional distress, lost wages, lost time for researching identity theft and risk of identity theft.
- Represented an educational institution when one of its vendors disclosed personal health information of the institution's employees and dependents to the wrong employees. Coordinated with the vendor to determine the scale of the breach and that the error had been remediated, provided a communication plan that enabled the employer to notify the employees in person, and arranged for an identity restoration resolution with an outside vendor. Based on this response, the employees expressed satisfaction with the institution's actions.
- Assisted a health care facility in responding to a breach that involved a stolen hard drive. Obtained identity restoration services for the impacted individuals and helped ensure compliance with breach notification laws, while working with the HIPAA compliance team to address HIPAA issues and coordinate with local regulators. Impacted individuals and their unions were pleased with the facility's response, as were regulators. Press accounts noted that the facility's response to its breach was an example of how a breach should be handled.
- Successfully represented several merchants that had suffered a credit card breach, working with forensic investigators who specialize in payment card breaches as well as the processor, banks and the credit card companies to reduce any potential fines or assessments. Reduced the overall liability of the company based on in-depth knowledge of the payment card industry's processes.