Careers

Diversity

With 18 offices, from New York to Los Angeles and Seattle to Orlando, we live and work in communities all over the U.S., collaborating across locations, disciplines and even borders. Our experienced, highly ranked lawyers serve businesses wherever they are and wherever they want to go.

Offices

About Us

Pages

Professionals

Thought leadership: blogs, podcasts, videos, publications, events and news

Insights

Services

Pro Bono

Am Law 100 firm with practices in Business, Digital Assets and Data Management, Intellectual Property, Labor & Employment, Litigation and Tax.

Home | BakerHostetler

BakerHostetler IP Group Has Strong Showing in 2025 IAM Patent 1000 Guide

Supreme Court to Decide the Fate of Universal Injunctions

Lee Rosebush, Marc Wagner Represent SCA Pharmaceuticals in Litigation Against FDA

US Court of International Trade Strikes Down IEEPA Tariffs

Melinda is a seasoned privacy and cybersecurity law advisor whose practice focuses on the regulation of emerging technologies, compliance with U.S. state and federal privacy legislation&nbsp;and cross-border data protection matters. As leader of the firm’s General Data Protection Regulation (GDPR) initiative, Melinda works with multinational organizations to identify, evaluate and manage the overlapping and intersecting legal obligations associated with corporate privacy and information security practices. Her broader practice includes advising on a wide variety of data management issues, including the use of biometrics, securing the Internet of Things, blockchain technologies and digital currencies, cybersecurity threats to the financial services and energy sectors, autonomous vehicles, genetic privacy, artificial intelligence, information security incident response&nbsp;and negotiating complex tech transactions.

core/freeform

J.D., Harvard Law School, 2005, 

B.A., Political Science and French Studies, Rice University, 2000

<ul>
<li>The Legal 500 United States (2017 to 2022)
<ul>
<li>Next Generation Lawyer in Media, Technology and Telecoms &#8211; Cyber Law (including data privacy and protection) (2017 to 2020)</li>
<li>Recommended in Cyber Law (including data privacy and data protection) (2021 to 2022)</li>
</ul>
</li>
<li>New York Metro Super Lawyers &#8220;Rising Star&#8221; (2012 to 2018)</li>
<li>New York Super Lawyers &#8220;Top Women Attorneys&#8221; (2012 to 2018)</li>
<li>New York State Bar Association: Empire State Counsel (2007 to 2013)</li>
</ul>


Webinar: GDPR Compliant…Now What Else are You Missing?

New York

Webinar: The Privacy Strategist 2025 – Mind the Gap: Avoiding the Privacy Pitfalls of Overlooked Personal Data

Webinar: The Privacy Strategist – New Year, New Privacy Problems?

Data Counsel

Year-End Review – Data Privacy Insights to Take into 2025

DSIR Deeper Dive – The Worst Cookie Recipe

Melinda McLellan Serves as Panelist at Transportation Research Board Conference

Northern District of Texas Flashes the ‘Blue Lights’ on OCR’s Pixel Guidance

Webinar: The Privacy Strategist: 2024 – U.S. Consumer Privacy Goes Mainstream

DSIR Deeper Dive: Absent Legislation, Privacy Regulators Offer Guidance on AI

The New EU-U.S. Data Privacy Framework in Half a Dozen FAQs

Jonathan Forman and Melinda McLellan Author Chapters for Two Financial Services Industry Publications

BakerHostetler Attorneys, Practice Areas Shine in The Legal 500 2022 Guide

Money Laundering Concerns Prompt EU Parliament to Approve Privacy-Reducing Crypto Rules

Melinda McLellan, Jonathan Forman Author Chapter on Privacy of Consumer Financial Information

Linda Goldstein, Amy Ralph Mudge, Melinda McLellan, Randal Shaheen are Contributors to Chambers Practice Guide for Advertising & Marketing

Melinda McLellan, Carolina Alonso, Shea Leitch, Alexandra Royal, Nichole Sterling Discuss Trends in Global Data Protection Law

Webinar:  The EU’s New Standard Contractual Clauses: Key Requirements & Practical Guidance

Melinda McLellan, Carolina Alonso, Shea Leitch, Alexandra Royal, Nichole Sterling Join Data Protection Law Panel

Melinda McLellan Speaks on SCCs and Data Transfers Post-Schrems II

BakerHostetler Attorneys, Practice Areas Recognized in The Legal 500 Guide for 2021

Everywhere Commerce: Top Strategies for Mitigating Risk

Updated EU Standard Contractual Clauses Are Finally Here

BakerHostetler Attorneys Make Significant Gains in The Legal 500 Annual Guide

BakerHostetler Boosts High Marks in the Legal 500 2018 Annual Guide

150 BakerHostetler Attorneys Named 2016 Super Lawyers; 91 Named Rising Stars

BakerHostetler Attorneys Speak at Massachusetts Export Center’s Program on International Trade Compliance

Digital Assets and Data Management

Compliance

Web3 and Digital Assets

Comprehensive State Privacy Laws

Privacy Governance and Technology Transactions

Emerging Technology

Contingent Workforce

Employee Privacy

Telehealth

<ul>
<li>Advises on compliance with international data protection obligations, including cross-border personal data transfer restrictions and data localization requirements and the implementation of cross-border transfer mechanisms such as standard contractual clauses, intracompany agreements and binding corporate rules.</li>
<li>Counsels clients on laws, regulations and best practices applicable to private-sector use of biometric technologies, including biometric identification and authentication software, facial recognition systems, retina and iris scanning, genetic data analysis and other emerging tools to leverage physiological measurements and human characteristics.</li>
<li>Directs the preparation and implementation of broad-based compliance strategies to address requirements under the California Consumer Privacy Act (CCPA) and other similar comprehensive state privacy laws enacted in Colorado, Connecticut, Utah and Virginia.</li>
<li>Advises clients on marketing privacy compliance protocols, including obligations under the TCPA, the CAN-SPAM Act, the GLBA’s Affiliate Marketing Rule, platform-specific tracking restrictions and advertising industry self-regulatory requirements.</li>
<li>Handles EU/UK General Data Protection Regulation (GDPR) compliance issues for domestic and international organizations, including extensive work on GDPR applicability analysis, data flow mapping, data transfer mechanisms, individual consent protocols, data subject rights requests processing, data security assessments, security breach response procedures, Data Protection Officer selection and employee training.</li>
<li>Manages complex technology transactions on both the vendor side and the customer side, drafting and negotiating multiparty contracts and outsourcing agreements from the RFP through follow-up compliance assessments.</li>
<li>Develops forward-thinking internal corporate policies to address private-sector use of virtual and augmented reality technology, cloud computing solutions, geolocation tracking and targeting, mobile applications, precision digital marketing, social media platforms, data analytics services and other emerging technologies.</li>
<li>Drafts and implements clear, concise and legally compliant disclosures regarding data management practices, including opt-in and opt-out mechanisms for the collection, use and sharing of personal information.</li>
<li>Prepares cyber risk exposure analyses, disclosure statements and supporting materials for publicly traded companies and entities preparing for IPOs and other corporate transactions.</li>
<li>Advises clients on legal risks and best practices related to employee privacy, including credit and background checks under the Fair Credit Reporting Act (FCRA), employee monitoring and mobile device management systems.</li>
<li>Drafts and negotiates privacy and data security provisions for commercial contracts, including service provider agreements and assists clients with remediation of privacy and data security deficiencies in legacy vendor contracts.</li>
<li>Conducts thorough assessments of third-party vendor candidates to evaluate data protection posture and compliance readiness prior to engagement, then assists with oversight and enforcement of privacy and security representations over the course of the service agreement.</li>
<li>Devises privacy and information security awareness programs and training modules for personnel, deploying a multitiered, risk-based approach to account for varying degrees of employee access to, and responsibility for, sensitive data.</li>
<li>Conducts in-house security training and tabletop exercises to build awareness and help companies prepare to effectively and efficiently manage data security threats and incidents.</li>
<li>Counsels clients on information governance practices and the development of records retention, maintenance and destruction policies and procedures.</li>
<li>Implements insider threat analysis tools for organizations, particularly in the financial sector, to detect and prevent security incidents and facilitate integrated enterprise-wide security solutions.</li>
<li>Provides data protection counseling to a variety of technology companies and outsource vendors that offer big data analytics and complex fraud detection and prevention services.</li>
<li>Works directly with in-house counsel, internal stakeholders and third-party technologists to develop complex privacy and information security policies, procedures, protocols, guidelines and notices.</li>
</ul>


Melinda L. McLellan

Melinda L. McLellan

Experience

Recognitions and Memberships

Insights and News

Credentials

Languages

Community and Pro Bono

Areas of Focus

Services

Featured Insights