The New Era of Privacy and Cybersecurity for Law Firms

Michael Barrett is the Risk Control Director for CNA’s Lawyers Professional Liability Program. In this role, he manages a team of highly qualified attorneys who are responsible for the design, content and distribution of risk control content relevant to the practice of law. He also collaborates with executive leadership from CNA’s underwriting and clams teams to develop and execute strategies for profitable growth of the program. He is a frequent lecturer at both CNA sponsored programs and at national seminars hosted by industry-leading organizations. He also frequently publishes articles focused on legal professional liability risks as well as other commercial liability related to the operation of law practices.

Mr. Barrett graduated from Allegheny College with a B.S. in biochemistry and received his JD from Chicago Kent College of Law, where he also earned the Intellectual Property Law Certificate. Prior to joining CNA, he was a successful defense litigator specializing in the defense of commercial and professional liability lawsuits, and first-chaired twenty-three jury trials to verdict. Mr. Barrett is a member of the American Intellectual Property Law Association (AIPLA), PLUS, and the Defense Research Institute (DRI). He is also a Registered Professional Liability Underwriter (RPLU). In addition he is a Registered Patent Attorney with the United States Patent and Trademark Office. He is admitted to practice in Illinois and Pennsylvania.

Melissa K. Ventrone is a Member in the firm’s Chicago office where she addresses her clients’ cybersecurity needs. She reacts swiftly and decisively when she is enlisted on a cybersecurity breach. As leader of the cybersecurity breach response team, she focuses her experienced group of first responders, including lawyers and forensic investigators, on around-the-clock management of the situation and minimizing damage by working to limit any public or regulatory fallout. When not managing her clients’ urgent breach concerns, Melissa is a proactive consultant in managing data privacy and security risks. She is also a zealous courtroom advocate in cybersecurity litigation.

Melissa is a Certified Informational Privacy Professional (CIPP/US).

Melissa’s experience extends from small breaches impacting a few hundred people to larger breaches impacting millions on behalf of merchants, financial institutions, medical providers and educational institutions. Melissa and her team work with clients to preserve evidence, determine a breach's scope, document the response and craft communications that both meet legal requirements and protect a company's brand. She also advises on establishing incident call centers and staff training, and formulates other methods to protect impacted individuals from potentially negative outcomes.

Melissa has a track record of success in defending companies facing data security and privacy litigation, including class actions. She has represented a variety of clients in multiple industries in disputes related to privacy, invasion of privacy, contracts, consumer fraud, statutory claims and other matters. She has litigated cases of first impression establishing favorable law, including obtaining summary judgment in a class action case alleging damages from the theft of a hard drive, and successfully defending a merchant against a class action arising out of a credit card breach.

Melissa advises clients on compliance with state, federal and international laws and regulations. She helps companies ensure that policies, procedures and cyber crisis response plans are sufficient. Melissa runs breach simulation exercises, which are very useful tools for training, testing and enhancing a company's response time in a breach situation. When vulnerabilities are found, Melissa works with management teams, boards of directors, vendors, outside consultants and other third parties to build and execute risk-reducing action plans.

In addition, Melissa drafts and negotiates contractual agreements concerning data use and retention and privacy and security, including cloud computing contracts. She also serves as a first responder for situations involving use or misuse of computers and other devices.

Melissa's leadership abilities extend beyond her legal practice. She recently completed a distinguished 21 years of service in the Marine Corps Reserve, holding several key positions, including Company Commander for a 200-person unit, Executive Officer for a 329-person company deployed to Afghanistan, Operations Officer for a 1,000-person motor transport battalion, and the Logistics Officer for Combat Logistics Regiment 4. She also volunteers as an ombudsman for the Employer Support for the Guard and Reserve in which she serves as a mediator on employment-related disputes.

Judith Selby is a partner in the firm’s New York office. Focused primarily on insurance coverage matters, Judy represents clients in all phases of large scale, complex first and third party insurance issues. She has extensive experience handling insurance coverage trials in the U.S. and international arbitrations in London.

Judy's practice concentrates on coverage for exposures arising out of emerging technology, digital, and compliance risks. She serves as coverage and monitoring counsel for cyber insurers and also counsels insurers on cyber insurance product development, policy wordings, and silent cyber issues.

Judy’s experience includes coverage opinions, all phases of coverage litigation through trial and appeal, and international arbitrations involving environmental, toxic tort, cyber/privacy, BIPA, TCPA, business interruption, bad faith, pharmaceutical products, and COVID-19 exposures. She also provides insurance due diligence advice in connection with mergers and acquisitions, run offs, and adverse development cover transactions.

Judy was named as a 2021 Insurance Trailblazer by the National Law Journal and won JD Supra 2021 Readers’ Choice Awards in Insurance (number 1) and Cybersecurity (top 10) and was a finalist for the 2015 CLM Outside Professional of the Year award. She has been an invited speaker at prominent industry conferences on privacy, cyber, and related insurance issues, and she is frequently featured in various publications, including the Wall Street Journal, Fortune, Forbes, and Law360. Judy also has also authored three eBooks: A Closer Look at Cyber Insurance, Demystifying Cyber Insurance, and Big Data for Business Leaders.

Judy has completed advanced courses at the Massachusetts Institute of Technology (MIT) and Harvard Business School in the areas of big data, crisis management/business continuity, cybersecurity, the Internet of Things (IoT), and finance, as well as courses in cloud computing and the Data Protection Officer (DPO) role under the GDPR.