The Biometric Privacy Revolution: Legal and Practical Considerations

Melinda McLellan is a seasoned privacy and cybersecurity law advisor whose practice focuses on the regulation of emerging technologies, compliance with evolving U.S. state and federal privacy legislation, and cross-border data protection matters. As co-leader of the firm’s EU General Data Protection Regulation (GDPR) initiative, Melinda works with multinational clients to identify, evaluate, and manage the myriad of compliance obligations associated with corporate privacy and information security practices. Her broader practice includes advising on a wide variety of privacy and data security issues, including the use of biometrics, securing the Internet of Things, implementation of blockchain technologies, cybersecurity threats to the financial services and energy sectors, autonomous vehicles, genetic privacy, artificial intelligence, Big Data, information security incident response, and negotiating complex tech transactions.

Select Experience:

• Advises on compliance with international data transfer restrictions and data localization requirements, including through the implementation of cross-border transfer mechanisms such as the EU-U.S. Privacy Shield framework, standard contractual clauses, intercompany agreements, and binding corporate rules.
• Developed and implemented EU General Data Protection Regulation (GDPR) compliance programs for numerous U.S. and international organizations, including GDPR applicability analysis, data mapping, data transfer mechanisms, consent mechanisms, “right to be forgotten,” data security assessments, breach response programs, selection of Data Protection Officers, and employee training.
• Advises companies on new requirements under the California Consumer Privacy Act (CCPA), including by developing broad-based compliance strategies to address other pending state and federal privacy legislation.
• Counsels clients on regulatory compliance strategies and best practices for private-sector use of cloud computing solutions, biometric authentication, facial recognition technology, geolocation tracking systems, mobile applications, behavioral marketing tools, social media platforms, data analytics services, and other emerging technologies. 
• Manages complex technology transactions on both the vendor side and the customer side, drafting and negotiating multiparty contracts and outsourcing agreements from the RFP through follow-up compliance assessments.
• Counsels clients on the development and implementation of enterprise-wide privacy and information security programs, including by creating employee privacy training modules and drafting company codes of conduct, policies, standards, procedures, and guidelines related to the protection of personal data.

• Responsible for a variety of litigation matters in connection with BakerHostetler's representation of Trustee Irving H. Picard for the SIPA liquidation of Bernard L. Madoff Investment Securities LLC, focusing on the investigation of and litigation against corporate entities and feeder funds in connection with the SIPA Trustee's efforts to recover funds for the BLMIS estate.
• Works with in-house counsel, IT managers and outside consultants on document preservation and discovery management in data breaches and security incidents, as well as in resultant class actions and investigations.
• Develops regulatory compliance strategies and implements best practices around broad data privacy issues, including those relating to biometric authentication, wearables, social media platforms, and other nascent technologies.
  

Experience

• Responsible for a variety of litigation matters in connection with BakerHostetler's representation of Trustee Irving H. Picard for the SIPA liquidation of Bernard L. Madoff Investment Securities LLC. Focusing on the investigation of and litigation against corporate entities and feeder funds in connection with the SIPA Trustee's efforts to recover funds for the BLMIS estate.
• Works with in-house counsel, IT managers and outside consultants on document preservation and discovery management in data breaches and security incidents, as well as in resultant class actions and investigations.
• Develops regulatory compliance strategies and implements best practices around broad data privacy issues, including those relating to biometric authentication, wearables, social media platforms and other nascent technologies.
• Member of BakerHostetler's Discovery Management team, which coordinates, develops and integrates numerous cutting-edge commercial and proprietary systems to manage discovery in numerous litigations.
• Involved in various putative class actions alleging violations of the Illinois Biometric Information Privacy Act based on employers’ alleged use of fingerprint or other scanning technology for timekeeping and security purposes.
• Counsels fashion brands on international trademark filings.