Melissa Krasnow

Melissa J. Krasnow

Partner, VLP Law Group LLP

Contact Info

VLP Law Group LLP
Minneapolis, MN


Melissa Krasnow writes on cyber and privacy risk and insurance issues for

Ms. Krasnow is a partner in Minneapolis at VLP Law Group LLP, who is ranked in USA—Nationwide Privacy & Data Security and USA—Nationwide Technology in the 2022 edition of Chambers USA.

Her practice encompasses the following.

  • Privacy, data security, big data, and artificial intelligence/chatbots
    • The Health Insurance Portability and Accountability Act; Family Educational Rights and Privacy Act; financial services regulatory laws; state laws, including the California Consumer Privacy Act (CCPA)/California Privacy Rights Act (CPRA) and other state privacy laws; EU General Data Protection Regulation (GDPR); Payment Card Industry Data Security Standard; National Institute of Standards and Technology; Controlling the Assault of Non-solicited Pornography and Marketing Act; and Telephone Consumer Protection Act
    • Data breaches and crisis situations, including preparation that involves written information security programs (e.g., organizational and employee); US, Canada, and GDPR incident response plans; and tabletop exercises (including ransomware)
    • Advice to boards of directors and senior executives (e.g., privacy, data security, and technology)
    • Cyber-liability insurance policy review
    • Privacy policies and terms (including those regarding the GDPR, CCPA/CPRA and other state privacy laws, geolocation, big data, and artificial intelligence/chatbots)
  • Technology transactions
    • Master services agreements (e.g., cloud, communications, email and text messages, laboratory services, telecommunications, security, and payment services)
    • Non-disclosure agreements
    • Data security addenda
    • Business associate agreements
    • Data license agreements/big data initiatives
    • GDPR and other data processing agreements
    • CCPA/CPRA and other state privacy law agreements
    • Legal and contractual issues regarding coronavirus (COVID-19)
  • Mergers and acquisitions

Ms. Krasnow serves as a Bloomberg BNA editorial adviser, and she is also a Certified Information Privacy Professional/US and a board leadership fellow of the National Association of Corporate Directors.

Ms. Krasnow holds a bachelor of arts degree in Chinese studies and political science from Wellesley College and a juris doctor from Northwestern University School of Law. She also attended the University of British Columbia.

Expert Commentary

Date Article
Jan 2023 California Age-Appropriate Design Code Act: Application, Assessments
Jan 2023 California Age-Appropriate Design Code Act: Other Requirements
Jan 2023 California Privacy Rights Act: Consumer Rights, Enforcement, Security
Jun 2022 Connecticut Data Privacy Act: Exceptions
Jun 2022 Connecticut Data Privacy Act: Controllers and Processors, Assessments, De-identified Data, and Enforcement
Jun 2022 Connecticut Data Privacy Act: Application and Definitions
Apr 2022 UCPA: Deidentified Data, Enforcement, and Exceptions
Apr 2022 UCPA: Application, Definitions, Consumer Rights, and Obligations
Aug 2021 Colorado Privacy Act: Exceptions
Jul 2021 Colorado Privacy Act: Application, Definitions, Rights, and Notices
Jul 2021 Colorado Privacy Act: Controllers, Assessments, Data, and Enforcement
Mar 2021 VCDPA: Assessments, De-identified Data, Enforcement, and Exceptions
Mar 2021 VCDPA: Application, Definitions, Consumer Rights, and Obligations
Jan 2021 California Privacy Rights Act: Exceptions
Dec 2020 California Privacy Rights Act: Background, Application, and Definitions
Oct 2020 Further Amendment to the California Consumer Privacy Act of 2018
Sep 2020 California Consumer Privacy Act Regulations: Privacy Policy and Notice
May 2020 The New York SHIELD Act Reasonable Security Requirement
Jan 2020 Changes in Other California Privacy and Data Security Laws
Oct 2019 The California Consumer Privacy Act of 2018, as Amended
Jun 2019 Summary of Amendment to Nevada Privacy Law
Feb 2019 Breach Notification Laws—State Attorney General or Regulator Notice
Jan 2019 Massachusetts Amends Breach Notification Law
Sep 2018 A Summary of the California Consumer Privacy Act of 2018
Apr 2018 Nevada Passes New Privacy Notice Law
Mar 2018 Application of EU's General Data Protection Regulation
Jan 2018 State Breach Notification Laws: Personal Information Definition
Dec 2017 Changes in State Breach Notification and Security Procedures Laws
Sep 2017 Business Associate Agreement Requirements and Negotiated Provisions
Feb 2017 Cyber-Security Event Recovery Plans
Jan 2017 Guidance on Ransomware
Aug 2016 Target Cyber-Attack Directors and Officers Litigation
May 2016 Changes in State Breach Notification and Security Procedures Laws
Mar 2016 CFPB Issues First Data Security Action
Aug 2015 Revisiting Privacy Policies and Practices in Light of Delaware Law
Jun 2015 State Breach Notification Laws Continue To Change
May 2015 Guidance for Incident Response Plans
Feb 2015 Board Oversight of Cyberrisks: Directors and Officers Litigation
Oct 2014 California Privacy Laws Change: Identity Theft Prevention and Mitigation Services
Aug 2014 Changes in State Breach Notification Laws
May 2014 Guidance for Managing Cyber-Security Risks
Feb 2014 Canada's Anti-Spam Legislation
Oct 2013 Revisiting Privacy Policies in Light of California Law
Sep 2013 California Minors under Age 18: Privacy Requirements for Deleting Content/Information and Advertising/Marketing
Aug 2013 State Social Media Account Laws for Educational Institutions
May 2013 FTC Updates Children's Online Privacy Protection (COPPA) Rule
Feb 2013 The Federal Trade Commission Issues Mobile Privacy Disclosures Report and Mobile Security Guidance for Application Developers
Nov 2012 Mobile Application Privacy Policy Enforcement by the California Attorney General
Sep 2012 Digital Copier Privacy Regulation
May 2012 FTC Consumer Privacy Framework and Next Steps
Jan 2012 Hacking, Malware, and Social Engineering—Definitions of and Statistics about Cyber Threats Contributing to Breaches
Dec 2011 Securities and Exchange Commission Issues Guidance on Cybersecurity and Cyber Incident Disclosure
Sep 2011 Massachusetts Enacts Privacy Regulations