Melissa K. Ventrone: Lawyer with Wilson Elser Moskowitz Edelman & Dicker LLP

Melissa K. Ventrone


Peer Rating

Client Rating

Printer Friendly VersionEmail this PageDownload to My Outlook ContactsAdd lawyer to My FavoritesCompare this lawyer to other lawyers in your favorites

Experience & Credentials

Practice Areas

  • Crisis Management
  • Insurance & Reinsurance Coverage
  • Data Privacy & Security
Contact InfoTelephone: 312.821.6105
Fax: 312.704.1522
University Northern Illinois University, B.S., 2000
Law SchoolChicago-Kent College of Law, J.D., 2003
Admitted2003, Illinois; 2005, U.S. District Court, Northern District of Illinois

Memberships & Affiliations

Association Chicago Bar
Association Justinian Society
Illinois State Bar Association
International Association of Privacy Professionals

MilitaryCaptain, Sergeant and Staff Sergeant, Selected Marine Corps Reserves.

Melissa Ventrone, chair of Wilson Elser’s Data Privacy & Security practice, focuses on class action privacy litigation, privacy breach response (pre- and post-event), payment card industry (PCI) standards and investigations, and advising clients in identifying, evaluating and managing first- and third-party data privacy and security risks. Melissa has represented numerous clients in litigation and arbitration, including disputes related to privacy, invasion of privacy, contracts, consumer fraud, statutory claims and other matters, using her strong organizational and advocacy skills to obtain the best results for clients.

Melissa frequently advises clients on compliance with state, federal and international laws and regulations. She leads Wilson Elser’s breach response team, quickly bringing lawyers, clients and forensic and breach response vendors together to optimize response time and effectiveness. Melissa has handled numerous breaches for small and large entities, including merchants, financial institutions, medical providers and educational institutions, successfully reducing public and regulatory scrutiny and protecting clients’ reputations.

Among her many leadership roles, Melissa has served in several key positions in the Marine Corps Reserve, including Company Commander for a 200-person unit, Executive Officer for a 329-person company forward deployed to Afghanistan, and most recently Operations Officer for a 1,000-person motor transport battalion. Melissa is a Major, currently serving as the S-4 Officer for Combat Logistics Regiment 4, Marine Logistics Group, Marine Forces Reserve. In her free time, Melissa volunteers as an ombudsman for the Employer Support for the Guard and Reserve, acting as a neutral mediator assisting employers and service members in resolving employment-related disputes.

Areas of Focus

Cyber Liability
Melissa advises a wide range of clients on identifying and managing risks associated with data privacy and security under federal, state and international laws. She drafts and negotiates contractual agreements concerning data use, retention, privacy and security, including cloud computing contracts. Melissa also serves as a first responder for situations involving use or misuse of computers and other devices.

Melissa counsels clients on a wide range of data security and privacy situations, from small breaches impacting a few hundred people to larger breaches impacting millions. When assisting a client with a potential breach, Melissa and her team of “first responders” (breach response teams) - located in offices throughout the United States and with affiliates abroad - are able to quickly mobilize the assets necessary to effectively respond to the breach. Most breaches do not need an extensive response team, but where specific skills and local resources are needed, Wilson Elser’s Data Privacy & Security practice members are available. Melissa and her breach response team respond 24/7 to work with a client to preserve evidence; determine the scope of the breach; accurately and favorably document the breach response; effectively craft communications to impacted individuals that meet legal requirements and reflect the company’s brand; proactively advise on establishing call centers and training staff; and devise other methods of protecting impacted individuals from potentially negative outcomes.

Melissa also has successfully resolved numerous disputes stemming from data breaches through negotiation, mediation, arbitration and litigation. She has attained considerable success in defending companies facing data security and privacy litigation. Melissa has litigated cases of first impression establishing favorable law, including obtaining summary judgment in a recent class action case alleging damages from the theft of a hard drive.

As part of her practice, Melissa works with management teams, boards of directors, vendors, outside consultants and other third parties to evaluate and develop action plans to address risks arising from data security and privacy issues. In the context of data breach and cyber preparedness, she works to help ensure the company’s policies, procedures and cyber crisis response plans are appropriate. Melissa also runs breach simulation exercises, which are very useful tools for training, testing and enhancing the company’s response time in a breach situation. Care in preparing for breaches makes a meaningful difference in a company’s ability to respond well, protecting its customers, business partners and reputation. That said, Melissa regularly assists companies that do not have breach response plans in place prior to a breach occurrence. In that context, her experience makes a meaningful difference and helps companies avoid the pitfalls of learning on the job during a live breach situation.


California Amends Law to Expand Businesses’ Obligations in the Wake of a Data Breach

Amendment to California’s Privacy and Breach Law

December 9, 2014

On January 1, 2015, an amendment to California’s privacy and breach law goes into effect that may have a significant impact on the way entities respond to data breaches. In advance of the law’s effective date, in addition to evaluating their information security protocols and policies, entities that possess the personal information of California residents should review their insurance policies, first to make sure they have cyber insurance that provides data breach coverage, and second to determine if their policies will cover the potentially significant cost associated with notification and identity protection or mitigation services.

Cyber Voluntary Payment Defense Thwarted by Bank Fraud Regulation

Coverage Issues Raised By Cyber Crisis Events

October 9, 2014

As companies, brokers and insurers continue to develop a better understanding of the risks and exposures involved with data breaches, standard insurance portfolios must be reviewed and developed to provide proper protection in the face of state laws and other outside influences.

California Appellate Court Limits Liability under California’s Medical Confidentiality Act for Disclosure of Medical Information

Limit on Liability in Disclosure of Medical Information

Septmber 22, 2014

The California Third Appellate District recently overturned a lower court’s denial of a motion to dismiss a class action lawsuit seeking $4 billion in damages under California’s Medical Confidentiality Act due to the alleged disclosure of medical records. The Appellate Court specifically held that the mere theft of medical records without any allegations that an unauthorized person viewed these records is insufficient to state a claim.

Have You Upgraded Your XP Yet?

Have You Upgraded Your XP Yet?

July 15, 2014

In April, Microsoft ended support for Windows XP Professional for embedded systems. As the saying goes, “a chain is only as strong as the weakest link” and even a single Windows XP computer could provide a potential intruder with a “window” into your network environment.

Google and the Great Divide: U.S. Privacy Rights versus EU Privacy Rights

Court of Justice: U.S. versus EU Privacy Rights

June 2, 2014

On May 13, 2014, the Court of Justice of the European Union found that an individual has the right to demand that Google remove links about him that he claimed were old and irrelevant. But which approach is best - the right to be forgotten or the right to know? The “right to be forgotten” as currently described by the Court of Justice could create a clash between freedom of speech, which is supported in the United States, and the EU’s broader concept of privacy.

Digital Risk Management

The Risk Report

November 2011

Additional Publications

“Digital Risk Management,” The Risk Report, International Risk Management Institute, November 2011


Business Insurance Queries Melissa Ventrone about Policies on “Wearable” Devices

September 23, 2014

Melissa Ventrone Quoted on the Impact of a Data Breach

September 16, 2013

Chicago Attorneys Lend a Helping Hand at Institute of Women Today

October 4, 2013

US Marine Corps Reserves Promotes Melissa Ventrone to Major

August 12, 2013

Melissa Ventrone Honored as Grand Marshal of the Memorial Day Parade

June 3, 2013

Chicago Lawyer Profiles Wilson Elser Attorney and Marine Corps Captain Melissa Ventrone in its Inspiring Innovators Column

March 8, 2013

Wilson Elser Hosts Job/Interview Training Workshop for Military

October 2012

Cyber Team Gains Dismissal, Statutory Award and Fees

April 19, 2012

Members of Wilson Elser cyber practice team comprised of Lori Nugent, Joshua Kantrow, Geoffrey Belzer and Melissa Ventrone succeeded in getting a case dismissed with prejudice and won a $10,000 statutory award and attorneys’ fees under Washington State’s anti-SLAPP statute.

Awards & Distinctions

Navy Marine Corps Commendation Medal with Gold Star, in lieu of second award Navy & Marine Corps Achievement Medal with Gold Star, in lieu of fifth award


The SEC Cybersecurity Initiative: What It Means and How to Secure Your Compliance

Speaking Engagements

October 21, 2014

Women Advisors Forum Industry Conference

Ventrone and Bermudez Lead Interactive Workshop on Trends, Challenges, Products and Loss Management Strategies Associated with Cyber Risk Management

Speaking Engagements

October 15, 2014

Wilson Elser, RGL Forensics, KPMG

Responding to and Managing a Cyber Attack: A Real Life Scenario, Part I

Speaking Engagements

September 11, 2014

DRI Conference: Data Breach and Privacy Law: Cyber Security Strategies for the Digital Age

Theories of Civil Liability for Data Security Breach

Speaking Engagements

September 11, 2014

DRI Conference: Data Breach and Privacy Law: Cyber Security Strategies for the Digital Age

Avoiding Data Breaches: Mission Impossible? Corporate and D&O Exposure


July 1, 2014

Wilson Elser Lunch Seminar/CLE

The Time for Cyber Coverage is Now

Speaking Engagements

May 14, 2014

Target Markets Program Administrators Association Mid Year Meeting

Risk Intelligence: Enterprise Information Security

Speaking Engagements

May 12, 2014

Advisen Insurance Intelligence Cyber Risk Insights Conference

Business Roundtable on Cyber Liability


November 14, 2012 - 8:00 a.m. - 9:15 a.m.

Wilson Elser Breakfast Seminar - Chicago

Medical Liability & Cyber Liability Insurance Threats/Data Breaches

Speaking Engagements

September 11, 2012

8th Annual National Medical Liability Insurance ExecuSummit

Cyber Liability from the Front Lines: Frequency, Severity, Volatility, Containment and Risk Management

Speaking Engagements

March 26, 2012

Hospital Insurance Forum Spring Membership Conference


Surf’s Up: The Wave of High-profile Privacy Class Actions
July 22, 2014
The IRS will not flag, identify or otherwise note a SSN that may be subject to identity theft and subsequent tax fraud. Go figure.
June 10, 2014

Reported CasesRepresentative Matters: Melissa and her breach response team have attained notable success in litigation and defending clients in a variety of situations. Recent examples include: Three hours after being retained by an international client, Melissa was able to mobilize her team to file a temporary restraining order preventing an Internet service provider (ISP) from permitting an unauthorized individual, who had changed the access codes for the account, from gaining further access to the account or data within the account. Melissa was retained to assist a company with domain names that had been hacked and transferred to a different ISP. Acting quickly to prevent the domains from being redirected to a malicious servicer, Melissa mobilized her team in the appropriate jurisdictions. She filed documents with the court to be heard on an emergency basis, requesting the domains be transferred back to the appropriate ISP. The court granted the request, preventing the company from suffering any further harm. Melissa successfully defended a health care performance-improvement company in class action litigation resulting from a stolen hard drive that contained personally identifiable information. The plaintiff alleged our client was negligent and violated consumer fraud statutes because it failed to properly protect the information on the hard drive, resulting in emotional distress, lost wages, lost time for researching identity theft and risk of identity theft. After obtaining the plaintiff's discovery, Wilson Elser filed a motion for summary judgment and a motion to stay further discovery. The court granted the motion to stay discovery, saving the client significant costs, and subsequently granted the motion for summary judgment. In so doing, the court found that an increased risk of identity theft is insufficient to constitute present injury under state-law negligence claims. Melissa and her team also have an enviable track record of favorably resolving countless breach situations. Specially crafted responses have successfully enhanced the reputations of breached entities that Melissa and her team represented. For example, they: Represented an educational institution when one of its vendors disclosed personal health information of the institution's employees and dependents to the wrong employees. Working quickly, Melissa coordinated with the vendor to determine the scale of the breach and that the error had been remediated, provided a communication plan that enabled the employer to notify the employees in person, and arranged for an identity restoration resolution with an outside vendor. Based on this response, the employees expressed satisfaction with the institution's actions. Assisted a health care facility in responding to a breach that involved a stolen hard drive. When the facility learned that a hard drive containing key data, including union employee personal and health care information, had been stolen, Melissa and the breach response team members quickly obtained identity restoration services for the impacted individuals and helped ensure compliance with breach notification laws, while working with the HIPAA compliance team to address HIPAA issues and coordinate with local regulators. The impacted individuals and their unions were pleased with the facility's response, as were regulators. Press accounts noted that the facility's response to its breach was an example of how a breach should be handled. Successfully represented several merchants that had suffered a credit card breach, working with forensic investigators who specialize in payment card breaches as well as the processor, banks and the credit card companies to reduce any potential fines or assessments. Melissa has a proven track record of reducing the overall liability of the company based on her in-depth knowledge of the payment card industry's processes.

Documents by this lawyer on

Subscribe to this feed

EU’s Ruling Not “To Be Forgotten” Anytime Soon
Melissa K. Ventrone, November 10, 2014
Last week, the Court of Justice of the European Union ruled that individuals have the “right to be forgotten.” In other words, individuals have the right to control their data and can ask search engines to remove links to results containing certain information. This ruling has...

The IRS Will Not Flag, Identify Or Otherwise Note A SSN That May Be Subject To Identity Theft And Subsequent Tax Fraud. Go Figure.
Melissa K. Ventrone, November 10, 2014
Nearly every day there’s another news story about another company suffering a data breach, either as a result of a lost or stolen device or because the company was hacked. Talk to any number of knowledgeable attorneys skilled in handling breaches, and each will guide you through a similar...

California Appellate Court Limits Liability under California’s Medical Confidentiality Act for Disclosure of Medical Information
Jeremy L. Ross,Ian A. Stewart,Melissa K. Ventrone, October 2, 2014
In what should be considered a win for the defense, the California Third Appellate Court recently overturned the lower court’s denial of a motion to dismiss a class action lawsuit seeking $4 billion in damages under California’s Medical Confidentiality Act (the Act) due to the alleged...

Profile Visibility
#1 in weekly profile views out of 39,925 lawyers in Chicago, Illinois
#19 in weekly profile views out of 1,616,736 total lawyers Overall

Office Information

Melissa K. Ventrone

120 N. La Salle Street, 26th Floor
ChicagoIL 60602-2412


Professional Networking for Legal Professionals Only

Quickly and easily expand your professional
network - join the premier global network for legal professionals only. It's powered by the
Martindale-Hubbell database - over 1,000,000 lawyers strong.
Join Now