Cristina Messerschmidt

Biography

Cristina Messerschmidt is a senior associate in the Data and Cyber practice group based in Chicago, advising global organizations on data privacy and cybersecurity compliance requirements, data security incident response, and legal issues related to AI.

Practice Focus

Cristina focuses her practice on domestic and global data privacy, cybersecurity, and AI. She provides advice to a wide range of clients in the healthcare space, including pharmaceutical and medical device companies, healthcare providers, financial institutions, sourcing providers, retail companies, online businesses, and other organizations on issues relating to healthcare privacy, domestic and global privacy, cross-border data transfers, and the preparation and implementation of broad-based data privacy and cybersecurity compliance programs. Cristina is well-versed in HIPAA and related issues, global privacy laws and regulations, US privacy and state medical privacy laws, as well as domestic and global AI laws, such as the EU AI Act and the Colorado AI Act. Cristina has assisted global companies on a wide range of AI-related issues, including establishing practical and sustainable AI governance programs and AI-related risk management.

Cristina also regularly counsels clients on complex domestic and global data security events, including investigations of potential compromise, determining notification obligations to federal and state and global breach notification requirements, as well as response to related inquiries from government agencies and other parties. Cristina had advised companies on a wide range of data security incidents, including ransomware, HIPAA breaches, insider threats, phishing attacks, and access controls.

Professional Honors

Associate to Watch in Privacy & Data Security: Privacy, Chambers USA (2024)

Admissions

Illinois~United States (2017)

Education

Northwestern University Pritzker School of Law (JD, cum laude) (2017)
University of Michigan (BA, honors) (2010)

Languages

English
French
Romanian

Publications

Co-author, "From Brussels to Boulder: Colorado Enacts Comprehensive AI Law on the Heels of EU’s AI Act with Significant Obligations for Business and Employers," Connect on Tech, May 2024
Co-author, "Living Free from the Sale of Personal Data: New Hampshire is the 14th US State to Pass Comprehensive Privacy Law," Connect on Tech, January 2024
Co-author, "FCC Refreshes its Data Breach Notification Rule," Connect on Tech, January 2024
Co-author, "Celebrating Data Privacy Day 2024," Connect on Tech, January 2024
Co-author, "Top 10 Predictions on Global Data Privacy and Cybersecurity Risks," Connect on Tech, December 2023
Co-author, "To Certify or Not to Certify: The EU-US Data Privacy Framework," Connect on Tech, September 2023

Co-author, "European Commission adopts "adequacy" decision for the EU-U.S. Data Privacy Framework ("DPF")," Connect on Tech, July 2023
Co-author, "State Consumer Privacy Laws Trending in 2023: Montana and Tennessee Join the Fold," Connect on Tech, May 2023
Co-author, "EDPB Begins 2023 Coordinated Enforcement Action Focused on Data Protection Officers," Connect on Tech, April 2023
Co-author, "China proposes significant reorganization of data protection regulatory structure," Connect on Tech, March 2023
Co-author, "European Data Protection Board Raises Concerns on Proposed Data Transfer Framework," Connect on Tech, March 2023
Co-author, "China Issues Standard Contractual Clauses, effective June 1," Connect on Tech, March 2023
Co-author, "Virginia Signs Privacy Bill Into Law," Connect on Tech, March 2021
Panelist, "Data Privacy at the Airport: Is it Possible to Protect Sensitive Data?," Connect on Tech, March 2021
Co-author, "Florida Makes Moves on Privacy Legislation," Connect on Tech, February 2021
Co-author, "New York's 'Sister Bill' to the CCPA," Connect on Tech, February 2021
Co-author, "EDPB Publishes Guidelines on Examples Regarding Data Breach Notification," Connect on Tech, February 2021

Presentations

Co-presenter, "US State Privacy Laws," Baker McKenzie's North America Quarterly Privacy Webinar, May 2024
Co-presenter, "The Global Rules of Engagement: Emerging Cyber Laws and Regulations," RSA Conference, May 2024
Co-presenter, "Our Top 10 Predictions on Global Data Privacy and Cybersecurity Risks," Baker McKenzie's North America Quarterly Privacy Webinar, January 2024
Co-presenter, "Divestiture Strategies: Unlocking Value - Navigating Corporate, Employment, Tax and Privacy Considerations," ACC Chicago, November 2023
Co-presenter, "EU-US Data Privacy Framework," Baker McKenzie's North America Quarterly Privacy Webinar, September 2023
Co-presenter, "From Risk to Readiness - Update on Cybersecurity & Data Privacy," ACC-Wisconsin Annual Conference, May 2023
Co-presenter, "Cybersecurity Forum: From Risk to Readiness," ACC Minnesota Cyber Symposium, April 2023
Co-presenter, "Employee Privacy: Staying Compliant as You Transition Out of the Pandemic," North Shore Labor Council, February 2023
Co-presenter, "View from the trenches: real-life examples of recent cyber events and related cross-border data privacy issues," ACC North Carolina Technology Palooza, February 2023
Co-presenter, "Privacy in Post-Roe USA: How the Dobbs Decision is Shaping Legislation, Regulation and Enforcement," PrivSec Last Thursday in Privacy, January 2023