Melissa M. Hewitt


T +1.713.646.1397
F +1.713.751.1717


Melissa Hewitt brings wide-ranging experience to the firm, both in her role as a litigator and in the area of privacy and data security. Melissa concentrates her practice on advising clients on breach response and preparedness, and compliance with state, federal and international data protection laws. She has handled security incidents for a wide range of small and large entities, including educational institutions, health systems, consulting firms, and technology companies. She also counsels clients on developing incident response plans, including addressing notification obligations and regulatory investigations from various state Attorneys General.

In addition to her work in the area of data privacy, Melissa is skilled at all stages of litigation. She has represented clients in putative class actions, including employers and timekeeping companies in actions filed under the Illinois Biometric Information Privacy Act (BIPA). Melissa’s clients have included Fortune 500 companies, which she represented in products liability and premises liability matters.


  • Representing clients in class actions alleging violation of Americans with Disabilities Act (ADA).
  • Represented freight transportation company in putative class action. Case settled favorably following enforcement of arbitration.

Recognitions and Memberships


  • Chicago Bar Association
  • Black Women Lawyers' Association of Chicago


  • Chicago Volunteer Legal Services, Junior Board


  • U.S. Court of Appeals, Seventh Circuit
  • U.S. District Court, Northern District of Illinois
  • Illinois


  • J.D., Indiana University Maurer School of Law, 2015; Indiana Journal of Global Legal Studies, Notes Editor
  • B.A., Cornell University, 2012


In The Blogs

Previous Next
Data Counsel
FTC Issues Statement Warning Health Apps to Notify Consumers About Data Breaches
By Melissa M. Hewitt
September 22, 2021
The U.S. Federal Trade Commission (FTC) issued a policy statement on Sept. 15, 2021, warning that the decade-old Health Breach Notification Rule (the rule) – which applies to companies that handle personal health records or collect health...