Melissa K. Ventrone: Lawyer with Wilson Elser Moskowitz Edelman & Dicker LLP

Melissa K. Ventrone


Peer Rating

Client Rating

Printer Friendly VersionEmail this PageDownload to My Outlook ContactsAdd lawyer to My FavoritesCompare this lawyer to other lawyers in your favorites

Experience & Credentials

Practice Areas

  • Crisis Management
  • Data Privacy & Security
  • Insurance & Reinsurance Coverage
  • Information Governance
Contact InfoTelephone: 312.821.6105
Fax: 312.704.1522
University Northern Illinois University, B.S., 2000
Law SchoolChicago-Kent College of Law, J.D., 2003
Admitted2003, Illinois; 2005, U.S. District Court, Northern District of Illinois

Memberships & Affiliations

DRI: The Voice of the Defense Bar
Employer Support of the Guard and Reserve
Illinois State Bar Association
International Association of Privacy Professionals

MilitaryCaptain, Sergeant and Staff Sergeant, Selected Marine Corps Reserves.

Melissa Ventrone, chair of Wilson Elser's Data Privacy & Security practice, focuses on class action privacy litigation, privacy breach response (pre- and post-event), payment card industry (PCI) standards and investigations, and advising clients in identifying, evaluating and managing first- and third-party data privacy and security risks. Melissa has represented numerous clients in litigation and arbitration, including disputes related to privacy, invasion of privacy, contracts, consumer fraud, statutory claims and other matters, using her strong organizational and advocacy skills to obtain the best results for clients.

Melissa frequently advises clients on compliance with state, federal and international laws and regulations. She leads Wilson Elser's breach response team, quickly bringing lawyers, clients and forensic and breach response vendors together to optimize response time and effectiveness. Melissa has handled numerous breaches for small and large entities, including merchants, financial institutions, medical providers and educational institutions, successfully reducing public and regulatory scrutiny and protecting clients' reputations.

Among her many leadership roles, Melissa has served in several key positions in the Marine Corps Reserve, including Company Commander for a 200-person unit, Executive Officer for a 329-person company forward deployed to Afghanistan, and most recently Operations Officer for a 1, 000-person motor transport battalion. In her free time, Melissa volunteers as an ombudsman for the Employer Support for the Guard and Reserve, acting as a neutral mediator assisting employers and service members in resolving employment-related disputes.

Areas of Focus

Cyber Liability
Melissa advises a wide range of clients on identifying and managing risks associated with data privacy and security under federal, state and international laws. She drafts and negotiates contractual agreements concerning data use, retention, privacy and security, including cloud computing contracts. Melissa also serves as a first responder for situations involving use or misuse of computers and other devices.

Melissa counsels clients on a wide range of data security and privacy situations, from small breaches impacting a few hundred people to larger breaches impacting millions. When assisting a client with a potential breach, Melissa and her team of “first responders” (breach response teams) - located in offices throughout the United States and with affiliates abroad - are able to quickly mobilize the assets necessary to effectively respond to the breach. Most breaches do not need an extensive response team, but where specific skills and local resources are needed, Wilson Elser's Data Privacy & Security practice members are available. Melissa and her breach response team respond 24/7 to work with a client to preserve evidence; determine the scope of the breach; accurately and favorably document the breach response; effectively craft communications to impacted individuals that meet legal requirements and reflect the company's brand; proactively advise on establishing call centers and training staff; and devise other methods of protecting impacted individuals from potentially negative outcomes.

Melissa also has successfully resolved numerous disputes stemming from data breaches through negotiation, mediation, arbitration and litigation. She has attained considerable success in defending companies facing data security and privacy litigation. Melissa has litigated cases of first impression establishing favorable law, including obtaining summary judgment in a recent class action case alleging damages from the theft of a hard drive.

As part of her practice, Melissa works with management teams, boards of directors, vendors, outside consultants and other third parties to evaluate and develop action plans to address risks arising from data security and privacy issues. In the context of data breach and cyber preparedness, she works to help ensure the company's policies, procedures and cyber crisis response plans are appropriate. Melissa also runs breach simulation exercises, which are very useful tools for training, testing and enhancing the company's response time in a breach situation. Care in preparing for breaches makes a meaningful difference in a company's ability to respond well, protecting its customers, business partners and reputation. That said, Melissa regularly assists companies that do not have breach response plans in place prior to a breach occurrence. In that context, her experience makes a meaningful difference and helps companies avoid the pitfalls of learning on the job during a live breach situation.


Surf's Up: The Wave of High-profile Privacy Class Actions July 22, 2014
The IRS will not flag, identify or otherwise note a SSN that may be subject to identity theft and subsequent tax fraud. Go figure. June 10, 2014


UPDATE: Is Safe Harbor Still Safe? The European Court of Justice Answers with a Resounding “No”

UPDATE: Is Safe Harbor Still Safe?

October 27, 2015

A recent decision by the European Union Court of Justice will likely have tremendous consequences for the cross-border trade in data between U.S. companies and EU citizens. No longer will U.S. companies be able to rely on Safe Harbor program participation and self-certification as a layer of protection when handling the data of EU citizens.

Third Circuit Holds FTC Has Authority to Regulate Cybersecurity under Unfairness Prong of 15 U.S.C. 45(a)

3rd Circuit: FTC to Regulate Cybersecurity Practices

September 1, 2015

A recent Third Circuit ruling has put the burden on companies to not only consider the many laws, rules and regulations that impact data privacy and security but also attempt to anticipate regulators' “state of mind” when creating and implementing cybersecurity programs.

Legal Holds in Response to Data Breaches

DRI: In-House Defense Quarterly

Summer 2015

Seventh Circuit Holds That Risk of Future Fraudulent Charge on Credit Card Sufficient to Withstand Motion to Dismiss

When Breach Exposes Only Credit Card Payment Data

July 22, 2015

On July 20, 2015, the Seventh Circuit issued an opinion holding that risk of future fraudulent charges on a credit card and greater susceptibility to identity theft is sufficient to establish standing, reversing a decision by the Northern District of Illinois.

Cybercrime on the Rise: Targeting Banking Institutions and Insurance Companies

Update: State and National Cybersecurity Regulation

May 26, 2015

Financial and insurance institutions must make cybersecurity a top priority. While not every company has the resources to pour into cybersecurity, every company should take these risks seriously. As states continue to become more active in this space, companies should proactively seek to be at the forefront of cyber security developments.

NYDFS to Collect Data on Cyber Security, but Could Hackers Use This Database as a Road Map to Launch Targeted Attacks?

NYDFS to Broaden Scope of Technology Examination Framework

March 31, 2015

As part of its increased focus on cyber security, the New York State Department of Financial Services announced that it is broadening the scope of questions and topics in its current information technology examination framework. The Department requires insurers to provide a response to 16 questions about their overall cyber security posture by April 27, 2015.

Good News for Companies: Pennsylvania District Court Rules That Plaintiffs Lack Standing without Actual or Imminent Misuse of Data

Hack Away, but No Foul without Misuse of Info

March 26, 2015

Despite their best efforts, companies cannot prevent an industrious hacker from finding a way to access their data, but such incidents may not give rise to a cause of action. When a data breach occurs, an individual does not suffer harm, and thus does not have standing to sue, unless the individual alleges actual misuse of the information or that such misuse is imminent.

Courts Interpretation of Merchant Services Agreement Limits Retailers Liability to Card Brands for Data Breach

Third Parties Pay Excess Assessments in Security Breach

March 12, 2015

A recent decision by Missouri's Eastern District Court puts businesses entering into contracts for payment processing services on notice to have such agreements reviewed by a data privacy and security attorney. The decision will likely cause processors and banks to focus more carefully on the limitation-of-liability provision related to credit card breaches.

Illinois Schools Face Tough Decisions in Combating Cyber-bullying

Illinois Schools Face Tough Decisions in Combating Cyber-bullying

March 9, 2015

School officials are custodians of students, and states have adopted rules and regulations that give school officials even more power to protect students from bullying. States have added specific cyber-bullying language to their anti-bullying laws, codifying the notion that school officials have the discretion to act to protect students from bullying based on incidents outside of school. But are students' passwords on social media websites fair game?

Balancing Employee Privacy with Protection of Company Assets

New York Law Journal

March 2, 2015

Corporate Hacking and the Financial Services Industry

Corporate Hacking and the Financial Services Industry

February 2, 2015

Even if a company meets the new “cyber-resilient” criteria, there is no guarantee it won't get hacked; but there is a good chance hackers will be occupied with easier or less-protected targets. A company with a basic cyber-resilience plan that is better than the competitors' might be able to watch from the sidelines.

Data Security, Cyber Liability and First-party Costs for Mid Cap and Small Companies Are Reaching Catastrophic Levels

Cyber Alert: Insurance Perspective on 2015 Cyber Warnings

December 15, 2014

The critical trend of data security breaches and cyber liabilities significantly harming mid cap and small businesses will continue to increase through 2015. Small companies need to recognize that they have as much, if not more, risk of suffering losses and attacks with greater frequency and severity than their bigger competitors. In fact, smaller companies are at greater risk because they do not have the same depth of resources as their larger competitors. Brokers and insurers can assist these companies in preparing for, protecting against and surviving an eventual and potentially catastrophic cyber crisis event.

California Amends Law to Expand Businesses' Obligations in the Wake of a Data Breach

Amendment to California's Privacy and Breach Law

December 9, 2014

On January 1, 2015, an amendment to California's privacy and breach law goes into effect that may have a significant impact on the way entities respond to data breaches. In advance of the law's effective date, in addition to evaluating their information security protocols and policies, entities that possess the personal information of California residents should review their insurance policies, first to make sure they have cyber insurance that provides data breach coverage, and second to determine if their policies will cover the potentially significant cost associated with notification and identity protection or mitigation services.

Cyber Voluntary Payment Defense Thwarted by Bank Fraud Regulation

Coverage Issues Raised By Cyber Crisis Events

October 9, 2014

As companies, brokers and insurers continue to develop a better understanding of the risks and exposures involved with data breaches, standard insurance portfolios must be reviewed and developed to provide proper protection in the face of state laws and other outside influences.

California Appellate Court Limits Liability under California's Medical Confidentiality Act for Disclosure of Medical Information

Limit on Liability in Disclosure of Medical Information

Septmber 22, 2014

The California Third Appellate District recently overturned a lower court's denial of a motion to dismiss a class action lawsuit seeking $4 billion in damages under California's Medical Confidentiality Act due to the alleged disclosure of medical records. The Appellate Court specifically held that the mere theft of medical records without any allegations that an unauthorized person viewed these records is insufficient to state a claim.

Have You Upgraded Your XP Yet?

Have You Upgraded Your XP Yet?

July 15, 2014

In April, Microsoft ended support for Windows XP Professional for embedded systems. As the saying goes, “a chain is only as strong as the weakest link” and even a single Windows XP computer could provide a potential intruder with a “window” into your network environment.

Google and the Great Divide: U.S. Privacy Rights versus EU Privacy Rights

Court of Justice: U.S. versus EU Privacy Rights

June 2, 2014

On May 13, 2014, the Court of Justice of the European Union found that an individual has the right to demand that Google remove links about him that he claimed were old and irrelevant. But which approach is best - the right to be forgotten or the right to know? The “right to be forgotten” as currently described by the Court of Justice could create a clash between freedom of speech, which is supported in the United States, and the EU's broader concept of privacy.

Digital Risk Management

The Risk Report

November 2011

Additional Publications

“Digital Risk Management, ” The Risk Report, International Risk Management Institute, November 2011


Communicating with Your Board without Begging for Money or Putting Them to Sleep

Speaking Engagements

November 17, 2015

SC Congress Chicago 2015 Sponsored by SC Magazine

Regulatory Issues Regarding Breaches

Speaking Engagements

October 15, 2015

Client Webinar

Legislative and Regulatory Landscape

Speaking Engagements

September 27-28, 2015

Business Insurance Cyber Risk Summit 2015

Management Liability Seminar

Speaking Engagements

July 13, 2015

Insurance Company Client Event

Cybersecurity 101

Speaking Engagements

June 11, 2015

Claims and Litigation Management Networking Event

Cyber Insurance Revisited

Speaking Engagements

June 10-11, 2015

SC Congress sponsored by SC Magazine

The SECs Cybersecurity Initiative: What It Means and How to Secure Your Compliance

Speaking Engagements

October 21, 2014

Women Advisors Forum Industry Conference

Ventrone and Bermudez Lead Interactive Workshop on Trends, Challenges, Products and Loss Management Strategies Associated with Cyber Risk Management

Speaking Engagements

October 15, 2014

Wilson Elser, RGL Forensics, KPMG

Responding to and Managing a Cyber Attack: A Real Life Scenario, Part I

Speaking Engagements

September 11, 2014

DRI Conference: Data Breach and Privacy Law: Cyber Security Strategies for the Digital Age

Theories of Civil Liability for Data Security Breach

Speaking Engagements

September 11, 2014

DRI Conference: Data Breach and Privacy Law: Cyber Security Strategies for the Digital Age

Avoiding Data Breaches: Mission Impossible? Corporate and D&O Exposure


July 1, 2014

Wilson Elser Lunch Seminar/CLE

The Time for Cyber Coverage is Now

Speaking Engagements

May 14, 2014

Target Markets Program Administrators Association Mid Year Meeting

Risk Intelligence: Enterprise Information Security

Speaking Engagements

May 12, 2014

Advisen Insurance Intelligence Cyber Risk Insights Conference

Business Roundtable on Cyber Liability


November 14, 2012 - 8:00 a.m. - 9:15 a.m.

Wilson Elser Breakfast Seminar - Chicago

Medical Liability & Cyber Liability Insurance Threats/Data Breaches

Speaking Engagements

September 11, 2012

8th Annual National Medical Liability Insurance ExecuSummit

Cyber Liability from the Front Lines: Frequency, Severity, Volatility, Containment and Risk Management

Speaking Engagements

March 26, 2012

Hospital Insurance Forum Spring Membership Conference


Business Insurance Queries Melissa Ventrone about Policies on “Wearable” Devices

September 23, 2014

Melissa Ventrone Quoted on the Impact of a Data Breach

September 16, 2013

Chicago Attorneys Lend a Helping Hand at Institute of Women Today

October 4, 2013

US Marine Corps Reserves Promotes Melissa Ventrone to Major

August 12, 2013

Melissa Ventrone Honored as Grand Marshal of the Memorial Day Parade

June 3, 2013

Chicago Lawyer Profiles Wilson Elser Attorney and Marine Corps Captain Melissa Ventrone in its Inspiring Innovators Column

March 8, 2013

Wilson Elser Hosts Job/Interview Training Workshop for Military

October 2012

Cyber Team Gains Dismissal, Statutory Award and Fees

April 19, 2012

Members of Wilson Elsers cyber practice team comprised of Lori Nugent, Joshua Kantrow, Geoffrey Belzer and Melissa Ventrone succeeded in getting a case dismissed with prejudice and won a $10, 000 statutory award and attorneys' fees under Washington State's anti-SLAPP statute.

Reported CasesRepresentative Matters: Melissa and her breach response team have attained notable success in litigation and defending clients in a variety of situations. Recent examples include: Three hours after being retained by an international client, Melissa was able to mobilize her team to file a temporary restraining order preventing an Internet service provider (ISP) from permitting an unauthorized individual, who had changed the access codes for the account, from gaining further access to the account or data within the account.; Melissa was retained to assist a company with domain names that had been hacked and transferred to a different ISP. Acting quickly to prevent the domains from being redirected to a malicious servicer, Melissa mobilized her team in the appropriate jurisdictions. She filed documents with the court to be heard on an emergency basis, requesting the domains be transferred back to the appropriate ISP. The court granted the request, preventing the company from suffering any further harm.; Melissa successfully defended a health care performance-improvement company in class action litigation resulting from a stolen hard drive that contained personally identifiable information. The plaintiff alleged our client was negligent and violated consumer fraud statutes because it failed to properly protect the information on the hard drive, resulting in emotional distress, lost wages, lost time for researching identity theft and risk of identity theft. After obtaining the plaintiff's discovery, Wilson Elser filed a motion for summary judgment and a motion to stay further discovery. The court granted the motion to stay discovery, saving the client significant costs, and subsequently granted the motion for summary judgment. In so doing, the court found that an increased risk of identity theft is insufficient to constitute present injury under state-law negligence claims.; Melissa and her team also have an enviable track record of favorably resolving countless breach situations. Specially crafted responses have successfully enhanced the reputations of breached entities that Melissa and her team represented. For example, they: Represented an educational institution when one of its vendors disclosed personal health information of the institution's employees and dependents to the wrong employees. Working quickly, Melissa coordinated with the vendor to determine the scale of the breach and that the error had been remediated, provided a communication plan that enabled the employer to notify the employees in person, and arranged for an identity restoration resolution with an outside vendor. Based on this response, the employees expressed satisfaction with the institution's actions.; Assisted a health care facility in responding to a breach that involved a stolen hard drive. When the facility learned that a hard drive containing key data, including union employee personal and health care information, had been stolen, Melissa and the breach response team members quickly obtained identity restoration services for the impacted individuals and helped ensure compliance with breach notification laws, while working with the HIPAA compliance team to address HIPAA issues and coordinate with local regulators. The impacted individuals and their unions were pleased with the facility's response, as were regulators. Press accounts noted that the facility's response to its breach was an example of how a breach should be handled.; Successfully represented several merchants that had suffered a credit card breach, working with forensic investigators who specialize in payment card breaches as well as the processor, banks and the credit card companies to reduce any potential fines or assessments. Melissa has a proven track record of reducing the overall liability of the company based on her in-depth knowledge of the payment card industry's processes.

Documents by this lawyer on

Subscribe to this feed

UPDATE: Is Safe Harbor Still Safe? The European Court of Justice Answers with a Resounding “No”
Jeremy L. Ross,Ian A. Stewart,Melissa K. Ventrone, November 5, 2015
On September 28, 2015, we released a client alert noting that European Commission Decision 2000/520, known as the “Safe Harbor” for U.S. companies handling the private data of EU citizens, was under attack in the advisory opinion issued by Advocate General Yves Bot of the European Union...

Third Circuit Holds FTC Has Authority to Regulate Cybersecurity under Unfairness Prong of 15 U.S.C. § 45(a)
Melissa K. Ventrone,Aleksandra M. S. Vold, September 2, 2015
The Third Circuit recently issued its highly anticipated ruling in the Federal Trade Commission v. Wyndham Worldwide Corp., Case. No. 14-3514, holding that the FTC has authority to regulate the cybersecurity practices of companies under the “unfair” prong of section 5 of the FTC Act. In...

Seventh Circuit Holds That Risk of Future Fraudulent Charge on Credit Card Sufficient to Withstand Motion to Dismiss
Melissa K. Ventrone,Aleksandra M. S. Vold, August 5, 2015
During the 2013 holiday season, Neiman Marcus, like many other retailers, discovered that its payment card systems had been compromised and customers’ credit and debit card information was potentially stolen. The rush to the courthouse began, and multiple class action lawsuits were filed and...

Profile Visibility
#104 in weekly profile views out of 43,924 lawyers in Chicago, Illinois
#4,236 in weekly profile views out of 1,733,488 total lawyers Overall

Office Information

Melissa K. Ventrone

120 N. La Salle Street, 26th Floor
ChicagoIL 60602-2412


Professional Networking for Legal Professionals Only

Quickly and easily expand your professional
network - join the premier global network for legal professionals only. It's powered by the
Martindale-Hubbell database - over 1,000,000 lawyers strong.
Join Now