Melinda L. McLellan

Partner

New York
T +1 212.589.4679  |  F +1 212.589.4201

Melinda McLellan works with clients to navigate complex privacy, cybersecurity and data management issues in a rapidly evolving regulatory environment. She counsels companies of all sizes across multiple industry sectors, helping them identify, evaluate and manage the myriad compliance obligations associated with corporate privacy and information security practices. Melinda regularly advises on the creation, development and implementation of global privacy and security policies, standards, procedures and guidelines, as well as company codes of conduct and employee privacy training programs. Attentive to her clients' business needs, Melinda's proactive approach favors pragmatic, forward-thinking compliance strategies that emphasize prevention and mitigation of privacy and data security risks.

Select Experience

  • Counsels clients on regulatory compliance strategies and best practices for private-sector use of cloud computing solutions, biometric authentication, facial recognition technology, geolocation tracking systems, mobile applications, behavioral marketing tools, social media platforms, data analytics services and other emerging technologies. 
  • Advises on compliance with international data transfer restrictions and data localization requirements, including through the implementation of cross-border transfer mechanisms such as the EU-U.S. Privacy Shield framework, standard contractual clauses, intercompany agreements and binding corporate rules.
  • Manages complex technology transactions on both the vendor side and the customer side, drafting and negotiating multiparty contracts and outsourcing agreements from the RFP through follow-up compliance assessments. 
More »

Experience

  • Counsels clients on regulatory compliance strategies and best practices for private-sector use of cloud computing solutions, biometric authentication, facial recognition technology, geolocation tracking systems, mobile applications, behavioral marketing tools, social media platforms, data analytics services and other emerging technologies. 
  • Advises on compliance with international data transfer restrictions and data localization requirements, including through the implementation of cross-border transfer mechanisms such as the EU-U.S. Privacy Shield framework, standard contractual clauses, intercompany agreements and binding corporate rules.
  • Manages complex technology transactions on both the vendor side and the customer side, drafting and negotiating multiparty contracts and outsourcing agreements from the RFP through follow-up compliance assessments. 
  • Works with cross-disciplinary teams to devise and implement clear, concise, non-obtrusive and legally compliant disclosures regarding data management practices as well as opt-in and opt-out mechanisms for the collection, use and sharing of sensitive information.
  • Manages all aspects of information security breach response, including evaluating legal and regulatory notification obligations, developing written communications for affected populations and internal stakeholders, refining media messaging strategies, coordinating forensic investigations, working with law enforcement authorities, and interfacing directly with state and federal regulators.
  • Prepares cyber risk exposure analyses, disclosure statements and supporting materials for publicly traded companies and entities preparing for IPOs and other corporate transactions.
  • Advises clients on legal risks and best practices associated with background checks, employee monitoring and Bring Your Own Device programs, including by developing internal policies and protocols and implementing mobile device management systems. 
  • Drafts and negotiates privacy and data security provisions for commercial contracts, including service provider agreements; assists clients with remediation of privacy and data security deficiencies and lacunae in legacy vendor contracts.
  • Conducts thorough assessments of third-party vendor candidates to evaluate data protection posture and compliance readiness prior to engagement, then assists with oversight and enforcement of privacy and security representations over the course of the service agreement. 
  • Devises privacy and information security awareness programs and training modules for personnel, typically deploying a multitiered, risk-based approach to account for varying degrees of employee access to, and responsibility for, sensitive data.
  • Conducts in-house security training and tabletop exercises to build awareness and help companies prepare to effectively and efficiently manage data security threats and incidents.
  • Counsels clients on information governance practices and the development of records retention, maintenance and destruction policies and procedures.
  • Implements insider threat analysis tools for organizations, particularly in the financial sector, to detect and prevent security incidents and facilitate integrated enterprisewide security solutions.
  • Provides data protection counseling to a variety of technology companies and outsource vendors that offer big data analytics and complex fraud detection and prevention services.
  • Works directly with in-house counsel, internal stakeholders and third-party technologists to develop complex privacy and information security policies, procedures, protocols, guidelines and notices.

Recognitions

  • New York Metro Super Lawyers "Rising Star" (2012 to 2016)
    • New York Super Lawyers "Top Women Attorneys" (2012 to 2016)
  • New York State Bar Association: Empire State Counsel (2007 to 2013)

Memberships

  • International Association of Privacy Professionals
    • Certified Information Privacy Professional – United States (CIPP/US)
    • Certified Information Privacy Professional – Europe (CIPP/E)
  • Women in eDiscovery, New York City Chapter
  • The Sedona Conference: Working Group 11, Data Security and Privacy Liability 

News

Press Releases

Blog Articles

Pro Bono

  • New York City Bar Justice Center, Legal Clinic for the Homeless
  • Lawyers' Committee for Civil Rights Under Law, Election Protection Program
  • Successfully represented a West African victim of gender-based violence seeking asylum in the United States before the Department of Homeland Security

Services

Industries

Admissions

  • New York

Education

  • J.D., Harvard Law School, 2005; Executive Editor, Harvard International Law Journal
  • B.A., Political Science and French Studies, Rice University, 2000

Languages

  • French
  • Italian

Blog

In The Blogs

Previous Next
Data Privacy Monitor
Swiss-U.S. Privacy Shield Framework to Launch April 12
By Emily R. Fedeles, Melinda L. McLellan
January 14, 2017
On January 11, 2017, the U.S. Department of Commerce, the Swiss Federal Council and the Swiss Federal Data Protection and Information Commissioner (FDPIC) issued press releases announcing that an agreement has been reached on a new...
Read More ->
Data Privacy Monitor
FTC Goes After IoT Device Manufacturer for Alleged Security Vulnerabilities in Routers, IP Cameras
By Melinda L. McLellan, Kathryn C. Mellinger
January 13, 2017
On January 6, the Federal Trade Commission (FTC) announced that it had filed a complaint against Taiwanese D-Link Corp. and its U.S. subsidiary, D-Link Systems Inc. (D-Link), alleging the company made deceptive claims about the security of...
Read More ->
Data Privacy Monitor
New York Department of Financial Services Issues Revised Cybersecurity Regulations
By Melinda L. McLellan
January 3, 2017
With the clock ticking down to the new year, on December 28, 2016, the New York State Department of Financial Services (NYDFS) released highly anticipated revisions to its proposed Cybersecurity Requirements for Financial Services...
Read More ->
Data Privacy Monitor
FTC Settles with Ad Tech Company Over Deceptive Online Tracking Practices
By Robyn M. Feldstein, Melinda L. McLellan
December 27, 2016
On December 20, 2016, the Federal Trade Commission (FTC) announced that Turn Inc. agreed to settle charges that it misled consumers about its online tracking activities and failed to honor consumer opt-outs as described in its privacy...
Read More ->
Data Privacy Monitor
Privacy Rights Group Files First Legal Challenge to EU-U.S. Privacy Shield
By Emily R. Fedeles, Melinda L. McLellan
October 31, 2016
Digital Rights Ireland, an Irish privacy advocacy group, has filed the first legal challenge to the EU-U.S. Privacy Shield, the trans-Atlantic agreement reached earlier this year to permit the lawful transfer of personal data from the...
Read More ->