Melissa K. Ventrone is on the cutting edge of data security and privacy, helping clients navigate emerging challenges related to today’s digital economy. As leader of the Cybersecurity, Data Protection, and Privacy practice, Melissa directs her skilled, multidisciplinary team of first responders to minimize security risks, ensure regulatory compliance, and curtail damage in the event of a data incident.
Education
J.D., Chicago-Kent College of Law, Illinois Institute of Technology, Chicago, Illinois, 2003
B.S., Northern Illinois University, Dekalb, Illinois, 2000
CIPP/US Certification
Recognitions
2025 Lawdragon 500 Leading Global Cyber Lawyers
Named among Crain’s Chicago Business Notable Women in Law (2020)
Named a Leading Lawyer in Chicago by Leading Lawyers℠ (2020-2025)
Named among The Best Lawyers in America® for Insurance Law (2023)
Named among Crain’s Chicago Business Notable Military Veteran Executives (2021-2022)
Named among Crain’s Chicago Business Chicago Gen X Leaders in Law (2021)
Selected as a Veteran of the Year by Chicago Veterans (2023)
Memberships
International Association of Defense Counsel
Employer Support of the Guard and Reserve
Illinois State Bar Association
International Association of Privacy Professionals
State Bar Licenses
Illinois
Court Admissions
U.S. District Ct., N.D. of Illinois
The Continued Regulation of Geolocation Data
Michigan Manufacturers Association, December 2024
Experience
- Mobilized to file a temporary restraining order preventing an Internet service provider (ISP) from permitting an unauthorized individual, who had changed the access codes for the account, from gaining further access to the account or data within the account.
- Assisted a company with domain names that had been hacked and transferred to a different ISP. Mobilized in the appropriate jurisdictions and filed documents with the court to be heard on an emergency basis, requesting the domains be transferred back to the appropriate ISP. The court granted the request, preventing the company from suffering any further harm.
- Successfully defended a healthcare performance improvement company in class action litigation resulting from a stolen hard drive that contained personally identifiable information. Plaintiff alleged that client was negligent and violated consumer fraud statutes because it failed to properly protect the information on the hard drive, resulting in emotional distress, lost wages, lost time for researching identity theft and risk of identity theft.
- Represented an educational institution when one of its vendors disclosed personal health information of the institution’s employees and dependents to the wrong employees. Coordinated with the vendor to determine the scale of the breach and that the error had been remediated, provided a communication plan that enabled the employer to notify the employees in person, and arranged for an identity restoration resolution with an outside vendor. Based on this response, the employees expressed satisfaction with the institution’s actions.
- Assisted a healthcare facility in responding to a breach that involved a stolen hard drive. Obtained identity restoration services for the impacted individuals and helped ensure compliance with breach notification laws, while working with the HIPAA compliance team to address HIPAA issues and coordinate with local regulators. Impacted individuals and their unions were pleased with the facility’s response, as were regulators. Press accounts noted that the facility’s response to its breach was an example of how a breach should be handled.
Articles & Alerts
- Quoted, “Cyber crime wave provokes backlash,” Future Intelligence (July 17, 2024)
- Co-author, “It’s a New Year and a Good Time for a Cybersecurity Checkup” (January 10, 2024)
- Co-author, “Incident Reporting: The Newly Proposed Cybersecurity Requirements” (November 13, 2023)
- Co-author, “October Is Cybersecurity Awareness Month – It’s a Good Time to Update Your Training Program” (October 10, 2023)
- Co-author, “Delaware Joins States With Comprehensive Consumer Data Privacy Laws” (September 14, 2023)
- Co-author, “Clark Hill 2023 Automotive & Manufacturing Industry Outlook: California Privacy Protection Agency to Investigate Automakers’ Data Practices” (August 1, 2023)
- Co-author, “Board Involvement Before, During and After a Cybersecurity Incident,” Legal Intelligencer (July 3, 2023)
- Co-author, “What You Need To Know About Iowa’s and Indiana’s New Consumer Privacy Laws” (April 20, 2023)
- Co-author, “Clark Hill 2023 Automotive & Manufacturing Industry Outlook: Cyber” (February 17, 2023)
- Co-author, “CISA Warns About Vulnerabilities in a Commonly Used GPS Tracker” (August 1, 2022)
- Co-author, “Connecticut Becomes Newest State With Consumer Data Privacy Law: What You Need To Know” (May 31, 2022)
- Co-author, “It’s a New Year and a Good Time for a Cybersecurity Checkup” (January 14, 2022)
- Co-author, “Be Vigilant for Fraudulent Emails – Even if They’re From the FBI” (November 16, 2021)
- Author, “CISA Releases Binding Operational Directive Aimed at Reducing the Significant Risk of Known Exploited Vulnerabilities” (November 4, 2021)
- Co-author, “October Is National Cybersecurity Awareness Month – Be Cyber Alert and Guard Against Business Email Compromise” (October 8, 2021)
- Author, “OFAC Issues Updated Guidance on Paying Ransom – Buyer Beware of Sanction Risks” (September 28, 2021)
- Co-author, “Connecticut Amends its Data Breach Notification Law to Enhance Protection and Incentivize Cybersecurity” (August 19, 2021)
- Author, “DHS Announces New Cybersecurity Requirements for Pipeline Owners and Operators” (May 28, 2021)
- Co-author, Virginia Adopts the Consumer Data Protection Act” (April 29, 2021)
- Co-author, “EU Strikes Down EU-US Privacy Shield; Validates Standard Contractual Clauses for Data Transfers” (July 16, 2020)
- Co-author, “California Privacy Rights Act Poised to Push Past CCPA Protections” (June 22, 2020)
- Author, “Department of Defense Acquisition Delays Should Not Be Interpreted as CMMC Delay” (April 28, 2020)
- Author, “Cybercriminals are Taking Advantage of COVID-19: Tips to Reduce Risk” (March 13, 2020)
Presentations
- Interviewed, “Cyber crime and punishment,” Future Intelligence (July 17, 2024)
- Co-presenter, “Practical Advice on the SEC Rule: Cybersecurity Incidents and Risk Management Disclosures” (January 25, 2024)
- Presenter, “Addressing Health Disparities with AI and Data Science,” Humboldt Park Health/Northwestern University (October 2023)
- Presenter, “Why Third-Party Cyber Risk Should Be Manufacturing’s Top Priority,” SecureWorld Manufacturing Virtual Conference (August 23, 2023)
- Co-presenter, “Managing a Ransomware Claim,” AEGIS 2023 Policyholders’ Conference (July 12, 2023)
- Co-presenter, “Biometrics, Pixels and Tracking Technologies Lawsuits: What Underwriters Should Know about US Privacy Litigation,” IUA (June 26, 2023)
- Presenter, “2023 Key Privacy Laws Update,” London Stock Exchange (June 22, 2023)
- Moderator, “Review of 2022 Claims Study,” NetDiligence Cyber Risk Summit (June 1, 2023)
- Co-presenter, “Incident Response from the Executive Perspective,” 2023 Clark Hill Cybersecurity & Data Privacy Summit (April 25, 2023)
- Presenter, “Geopolitics, Macroeconomics & Cybersecurity Trends: What to Expect in 2023” (January 24, 2023)
- Presenter, “You’ve Been Hacked! Now What?” 2022 Chicago Labor & Employment Conference (June 16, 2022)
- Panelist, “Cyber Insurance and Legal Risk, Enabling Technologies” (2021)
- Co-presenter, “You’ve Been Hacked! Now What?” (January 21, 2021)
- Interviewed for Cybersecurity Segment, ABC7 News (April 2020)
- Interviewed for scams popping up related to COVID-19, WPHM (March 2020)
- Presenter, “After the Burn: Inside the Sunburst Compromise and What it Means for Security and Legal Teams,” LegalWeek (February 2020)
- Panelist, “The New Era of Privacy and Cybersecurity for Law Firms,” ABA (May 22, 2019)
- Co-presenter, “GDPR: Nine Months Later – The Impact in the EU on Enforcement and Compliance and in the US on Discovery” IADC Midyear Meeting (February 25, 2019)
- Panelist, “Cyber Claim Tabletop Exercise,” AEGIS (2018)