Melanie Phillips

Cybersecurity Associate

Los Angeles

Read full biography at
Melanie Phillips is a cyber attorney on the firm’s Cyber, Privacy & Innovation team, which was named Privacy Practice Group of the Year in 2016 by Law360, and is nationally ranked by The Legal 500 and internationally recognized by the Legal 500 in several key global jurisdictions.  As part of Orrick’s cyber team, Melanie advises clients on cybersecurity compliance, risk management, and incident response.

Melanie has experience working with clients in digital crime investigations, incident response planning, and incident response.  She brings over a decade of litigation experience to the team, with experience in trade secret, employment, and consumer protection matters.


Posts by: Melanie D. Phillips

FTC Staff Issues Comments Discussing Key Security and Privacy Issues Surrounding Connected and Automated Vehicles

Given the explosive growth in the connectivity of every day “things,” several government agencies are focused on how best to support innovation and the benefits of an increasingly connected, data driven society, while weighing options for mitigating the cybersecurity and privacy risks relating to the Internet of Things.[1]  The pace of development with respect to connected cars and autonomous vehicles has drawn particular attention.   READ MORE

Standing Only Gets You So Far. Scottrade Offers Tactics to Win the Data Breach Class Action War

A recent skirmish about standing in data breach class actions (this time in the Eighth Circuit), involving securities and brokerage firm Scottrade, suggests that, even if plaintiffs win that limited question, there are other key battles that can win the war for defendants.  As we reported with Neiman Marcus, P.F. Chang’s, Nationwide, and Barnes & Noble, the Eighth Circuit’s decision in Kuhn v. Scottrade offers important proactive steps that organizations should consider taking that can mitigate post-breach litigation exposure.  READ MORE

Will I Get Sued After a Data Breach? D.C. Circuit Broadens Scope of Data That Gives Rise to Identity Theft in CareFirst

In the latest sign that data breach class actions are here to stay—and, indeed, growing—the D.C. Circuit resuscitated claims against health insurer CareFirst BlueCross and Blue Shield, following a 2015 breach that compromised member names, dates of birth, email addresses, and subscriber identification numbers of approximately 1.1 million individuals.  The decision aligns the second most powerful federal appellate court in the nation with pre-Spokeo decisions in Neiman Marcus and P.F. Chang and post-Spokeo decisions in other circuits (Third, Seventh, and Eleventh).  In short, an increased risk of identity theft constitutes an imminent injury-in-fact, and the risk of future injury is substantial enough to support Article III standing.

The D.C. Circuit’s holding is an important development.  First, the D.C. Circuit went beyond credit card numbers and social security numbers to expand the scope of data types that create a risk to individuals (i.e., names, birthdates, emails, and health insurance subscriber ID numbers).  Second, the decision makes clear that organizations should carefully consider the interplay between encryption (plus other technical data protection measures) and “risk of harm” exceptions to notification, including exceptions that may be available under HIPAA and GLBA statutory regimes. READ MORE