Cybersecurity & The Energy Sector: Managing Escalating Risks

Melinda McLellan is a seasoned privacy and cybersecurity law advisor whose practice focuses on the regulation of emerging technologies, compliance with evolving U.S. state and federal privacy legislation, and cross-border data protection matters. As co-leader of the firm’s EU General Data Protection Regulation (GDPR) initiative, Melinda works with multinational clients to identify, evaluate, and manage the myriad of compliance obligations associated with corporate privacy and information security practices. Her broader practice includes advising on a wide variety of privacy and data security issues, including the use of biometrics, securing the Internet of Things, implementation of blockchain technologies, cybersecurity threats to the financial services and energy sectors, autonomous vehicles, genetic privacy, artificial intelligence, Big Data, information security incident response, and negotiating complex tech transactions.

Select Experience:

• Advises on compliance with international data transfer restrictions and data localization requirements, including through the implementation of cross-border transfer mechanisms such as the EU-U.S. Privacy Shield framework, standard contractual clauses, intercompany agreements, and binding corporate rules.
• Developed and implemented EU General Data Protection Regulation (GDPR) compliance programs for numerous U.S. and international organizations, including GDPR applicability analysis, data mapping, data transfer mechanisms, consent mechanisms, “right to be forgotten,” data security assessments, breach response programs, selection of Data Protection Officers, and employee training.
• Advises companies on new requirements under the California Consumer Privacy Act (CCPA), including by developing broad-based compliance strategies to address other pending state and federal privacy legislation.
• Counsels clients on regulatory compliance strategies and best practices for private-sector use of cloud computing solutions, biometric authentication, facial recognition technology, geolocation tracking systems, mobile applications, behavioral marketing tools, social media platforms, data analytics services, and other emerging technologies. 
• Manages complex technology transactions on both the vendor side and the customer side, drafting and negotiating multiparty contracts and outsourcing agreements from the RFP through follow-up compliance assessments.
• Counsels clients on the development and implementation of enterprise-wide privacy and information security programs, including by creating employee privacy training modules and drafting company codes of conduct, policies, standards, procedures, and guidelines related to the protection of personal data.

Sara Goldstein focuses her practice on legal issues related to privacy and data protection. As the former vice president and general counsel of a large provider of release of information and disclosure management services, Sara was responsible for overseeing all of the company’s legal and compliance-related matters. This experience gives her a depth of knowledge regarding her clients’ needs, bringing a business-oriented perspective to her practice and allowing her to provide legal guidance that is realistic and practical for her clients. 

Sara has authored a variety of industry-related articles in publications such as the Journal of the American Health Information Management Association(AHIMA), The Group Practice Journal, Compliance Today and RACMonitor.com. She has been invited to speak to organizations across the country about release of information, compliance with federal and state medical privacy laws, and breach prevention. She is also an adjunct professor of law at Drexel University, where she teaches a course on HIPAA and patient privacy.