Melissa Krasnow is a Partner and the sole attorney recognized in Global Privacy & Data Security in 2024 and both Nationwide Privacy & Data Security and Nationwide Technology for two consecutive years (2022 and 2023) in Chambers USA for having “an impressively well-rounded privacy practice,” “handling data breach incidents,” as well as for being “a highly regarded attorney whose broad practice exhibits strength across a number of technology-related issues” and routinely advising “on M&A, data security issues and related regulatory matters.” 

She counsels companies on HIPAA, FERPA, financial services regulatory laws, state laws (including the California Consumer Privacy Act (CCPA)/California Privacy Rights Act (CPRA)), and the European Union (EU) General Data Protection Regulation (GDPR).

Melissa advises companies on privacy, data security, technology matters, and cyber governance, including data breaches/incidents/other events (ransomware, account takeover, business email compromise, phishing, and vulnerabilities), preparing written information security programs (organizational and employee), devising incident response plans, and facilitating and participating in tabletop exercises. She counsels boards of directors and officers on privacy, data security, and technology risk oversight and developments. and reviews cyber liability insurance policies.

Melissa advises companies on regulatory inquiries and complying with state, federal, and international privacy and data security, advertising and marketing, governance and compliance, and regulated industry laws. She prepares website and mobile application privacy policies and terms (including regarding the GDPR, CCPA/CPRA and other state privacy laws, geolocation, big data, and artificial intelligence/chatbots), and technology policies.

Melissa works with companies on negotiating (and renegotiating in the wake of data breaches/incidents/other events) and documenting technology and commercial transactions, including master services agreements (MSAs), non-disclosure agreements (NDAs), data security addenda (DSAs), business associate agreements (BAAs), data license agreements (DLAs), GDPR and other data processing agreements (DPAs), and CCPA/CPRA and other state privacy law agreements.

In mergers and acquisitions, Melissa counsels companies on privacy, data security, and technology matters and on foreign investment filing obligations.

Education

  • J.D., Northwestern University School of Law, 1992
  • A.B., Wellesley College, 1989, magna cum laude, Phi Beta Kappa and Durant Scholar
  • University of British Columbia, visiting student, 1987-1988, Class 1 Standing

Honors & Awards

  • Chambers recognition in Nationwide Privacy & Data Security and Nationwide Technology – 2022 and 2023 and in Global Privacy & Data Security – 2024
  • Who’s Who in America, Women in Law – Minnesota, 2021 – present
  • Minnesota State Bar Association North Star Lawyer, Pro Bono Service, 2014 – 2022
  • VLP is a BTI Cybersecurity Standout 2020 – Leading Cybersecurity & Data Privacy Law Firm

    • Canadian Data Privacy & Security Law: New Developments & Comparison with U.S. Laws, Minnesota CLE 2024 Midwest Legal Conference on Data Privacy and Cybersecurity (February 2024) 
    • 2023 State Law Requirements on Data Privacy and Security – What’s New and What to Do, 2023 Minnesota CLE Midwest Legal Conference on Data Privacy and Cybersecurity (February 2023)
    • Director Cyber Governance/Cyber-Risk Communication, Cyber Security Summit, Minneapolis, MN (October 2022)
    • Vendor Management Practices for Mitigating Data Privacy & Security Risks, Privacy and Data Security for the Non-Specialist, Minnesota CLE, Minneapolis, MN (September 2022)
    • A Practical Guide in Drafting Data Privacy and Security Agreements: Mitigating Data Security Breaches, the Knowledge Group webinar (August 2022)
    • Litigating Online Defamation, Cyber Law, & Data Privacy in 2022 CLE, Rossdale CLE, nationwide webinar (June 2022)
    • Structuring an Effective Third-Party Risk Management Program: Best Practices for Financial Institutions, the Knowledge Group webinar (March 2022)
    • The Third-Party Data Breach Problem: Best Defenses to Safeguard Your Data, the Knowledge Group webinar (March 2022)
    • Big Data Use and Licensing Agreements, Strafford Nationwide Webinar (February 2022)
    • North of the Border: Canadian Privacy Update, Minnesota CLE 2022 Midwest Legal Conference on Privacy and Data Security (February 2022)
    • Privacy & Data Security: Recent Approaches to Contract Drafting, Bloomberg Law webinar (September 2021)
    • Preventing Ransomware Attacks: A Practical Guide to Enhancing IT Security and Resiliency, the Knowledge Group webinar (September 2021)
    • Preparing for New State Privacy Laws, OneTrust PrivacyConnect Minneapolis Chapter (September 2021)
    • Phishing and Ransomware: Risk Mitigation and Response, 15th Annual Door County IP Academy webcast, Intellectual Property & Technology Law Section, Wisconsin State Bar (September 2021)
    • Phishing, Business Email Compromise and Ransomware, Professional Services Webinar (September 2021)
    • Impact of Incidents on Cyber Insurance and Data Security, Marco Technologies (August 2021)
    • Cyber, Data & Social: Getting in Front of Governance, TheCorporateCounsel.net webcast (June 2021)
    • Cybersecurity Management: Best Practices in a Remote Environment, the Knowledge Group webinar (April 2021)
    • When Do Data Processing Agreements and CCPA and CPRA Agreements Apply and What Should Those Agreements Say?, Minnesota CLE 2021 Midwest Legal Conference on Privacy and Data Security (February 2021)
    • Ransomware Prevention and Crackdown: Long-Term Solution and Defense Tactics, the Knowledge Group webinar (November 2020)
    • The Wall Street Journal Pro Cyber Webinar – Privacy in the New Work Environment (October 2020)
    • Association of Corporate Counsel Annual Meeting, Contract Workshop: Reviewing Allocations of Liability for Data Breach (October 2020) 

    • Big Data / AI and Privacy and Data Security Regulation, MinneWiADS: Women in Analytics & Data Science Conference, MinneAnalytics, Minneapolis, MN (October 2020)
    • Privacy Leaders Circle for B2B, Truyo Virtual Event (September 2020)
    • Privacy and Cross Border Data Flow, Privacy Across Borders Webcast, Ontario Bar Association (September 2020)
    • From the Perspective of a Business Lawyer: the California Consumer Privacy Act & Other State Privacy/Data Security Developments, Minnesota CLE Business Law Institute, Minneapolis, MN (September 2020)
    • Understanding Privacy and Data Security Laws and Requirements in Agreements, Minnesota CLE Webcast (May 2020)
    • Force Majeure/COVID-19/Privacy and Security Provisions in Contracts, ACA International Daily Huddle, Minneapolis, MN (April 2020)
    • Understanding Privacy and Data Security Laws and Requirements in Agreements, Minnesota CLE 2020 Midwest Legal Conference on Privacy & Data Security (February 2020)
    • Drafting Big Data Licensing Agreements: Key Provisions, Anonymization, Due Diligence, and Salting the Database, Strafford nationwide webinar (February 2020)
    • State Privacy Law Developments, Including the California Consumer Privacy Act, Minnesota State Bar Association Communications Law Section, Minneapolis, MN (January 2020)
    • Ransomware: Best Defense Strategies Against Attacks, the Knowledge Group webinar (December 2019)
    • CCPA Coming in 2020 – What You Need to Know Now for Complying with New Privacy Laws, Crowe LLP nationwide webinar (November 2019)
    • GDPR, Association of Statisticians of American Religious Bodies 85th Annual Meeting (October 2019)
    • Private Company Leadership Symposium: Privacy and Data Governance, Global Board Leaders’ Summit, National Association of Corporate Directors, Washington, DC (September 2019)
    • Financial Executives International Technology for Finance Leaders Conference, Minneapolis, MN (June 2019)
    • Mastering E-Commerce and Data Law, Rossdale CLE, nationwide webinar (June 2019)
    • Advising the Board of Directors on Privacy, Data Security and Emerging Technologies and State Data Privacy Law Developments, 2019 Minnesota CLE Business Law Institute, Minneapolis, MN (May 2019)
    • A Brief Overview of US and European Union Privacy and Data Security Laws, The University of St. Thomas School of Law Journal of Law & Public Policy Spring Symposium: Consumer Privacy Law, Minneapolis, MN (March 2019) 
    • Tech Series: GDPR Update , Minnesota CLE Webcast (March 2019)
    • 2019: Developments in EU, US and Global Privacy, International Association of Privacy Professionals Minneapolis/St. Paul KnowledgeNet, St. Paul, MN (February 2019)
    • Minnesota CLE 2019 Midwest Legal Conference on Privacy & Data Security (January 2019)
    • MinneFRAMA: Financial, Retail and Marketing Analytics Conference, MinneAnalytics, St. Paul, MN (December 2018)
    • Vendor Agreements: Understanding the Latest Privacy and Data Security Requirements, ePlace Solutions webinar (November 2018)
    • Vendor Risk Management: Maintaining Relationships While Limiting Liability, International Association of Privacy Professionals Privacy. Security. Risk. 2018, Austin, Texas (October 2018)
    • Big Data Use and Licensing Agreements: Key Contractual Provisions, Strafford webinar (July 2018)
    • Data Security: How to Stay Compliant with Changing Global Privacy and Data Security Laws, Minnesota CLE Webcast (July 2018)
    • Geolocation Information, International Association of Privacy Professionals Minneapolis/St. Paul KnowledgeNet on Mobile and Social Media Privacy, Minneapolis, MN (June 2018)
    • SMART for Business: Cybersecurity, Minneapolis Regional Chamber of Commerce, Minneapolis, MN (June 2018)
    • Navigating the Requirements for Email and Text Messages in Healthcare, Minnesota CLE 2018 Health Law Institute (June 2018)
    • Mitigating Risk and Liability of a Data Breach, Minnesota State Bar Association Communications Law Section, Minneapolis, MN (April 2018)
    • Real-life Cyber Events: A Roadmap for Privately Held Businesses, Cobb Strecker Dunphy & Zimmermann Webinar, Minneapolis, MN (March 2018)
    • Mastering Online Surveillance, GDPR, & Cyber Security Law, Rossdale CLE, nationwide webinar (March 2018)
    • Staying Out of the News: How to Address Today’s Security Addenda and the GDPR, VLP Webinar, (January 2018)
    • Advising the Board of Directors on Privacy and Data Security, Minnesota CLE 2018 Midwest Legal Conference on Privacy & Data Security, Minneapolis, MN (January 2018)
    • Cybersecurity, Executive Women’s Council, Minneapolis Regional Chamber of Commerce, Minneapolis, MN (January 2018)
    • Cybersecurity Threats and Trends: Best Practices for Small Businesses, LegalCORPS and America’s Small Business Development Center (SBDC)/Minnesota, University of St. Thomas, Minneapolis, MN (December 2017)
    • Presentation on Cyber Governance, Financial Executives International Committee on Governance, Risk & Compliance (CGRC) (October 2017)
    • Regulating Privacy, Global Board Leaders’ Summit, National Association of Corporate Directors, National Harbor, MD (October 2017)
    • The Increasing Risks of Ransomware: What Your Business Needs to Know and Do, the Knowledge Group webinar (October 2017)
    • Algorithms, Transparency and Ethics – Now and in the Future, Financial and Retail Conference on Analytics, MinneAnalytics, University of Minnesota, Minneapolis, MN (August 2017)
    • Ransomware: Protecting your Money and Assets, the Knowledge Group webinar (June 2017)
    • Technology Conference: Implementing Tomorrow’s Technologies Today, Minneapolis, MN  (June 2017)
    • 5 Key Topics in Data Security for Business Lawyers, 2017 Business Law Institute, Minnesota CLE (May 2017)
    • Breach Notifications: How to Handle Breaches Across Jurisdictions, LegalTech News/Epiq Systems webcast (February 2017)
    • Business Law Series: Advising the Board of Directors on Privacy and Data Security (February 2017)
    • What Do CISOs Want Lawyers to Understand about Cybersecurity?, Minnesota CLE Privacy & Data Security Legal Conference, Minneapolis, MN (January 2017)
    • Canadian Privacy Law, PricewaterhouseCoopers LLP Midwest Privacy Retreat (November 2016)