Todd McClelland

Attorney at Law, Partner, Head of Global Data Privacy and Cyber Security, McDermott, Will & Emery, L.L.C.

Todd S. McClelland advises companies on complex, international legal issues associated with cybersecurity breaches and compliance, data privacy compliance, and data, technology, cloud, and outsourcing transactions. Todd counsels clients in many industries, including payment processors, cybersecurity product providers, retailers, petro companies, financial institutions and traditional brick-and-mortar companies. Todd is the global head of the Firm’s Global Privacy & Cybersecurity Practice Group.

Prior to his legal career, Todd was an engineer designing and programming industrial control, robotics, and automation systems. This background gives him a unique perspective and understanding of the technology underlying the cybersecurity and privacy issues he addresses.

Todd handles some of the largest and most well-known (and unknown) cybersecurity incidents, as well as pre-breach cyber activities, such as cyber tabletops, incident response plan design, leading client and vendor penetration testing, designing cyber risk management programs, and advising corporate boards on cybersecurity issues. He also has extensive experience with PCI/payment system compliance and incidents.

Todd advises clients on global data privacy compliance issues (e.g., GDPR, CCPA), including the establishment of data privacy programs and addressing unique privacy issues pertaining to AdTech and other evolving business models and technologies. He also focuses on cybersecurity and privacy issues associated with new technologies, such as “IoT” products, Industrial IoT, and artificial intelligence/machine learning.

In his outsourcing and technology practice, Todd is highly skilled in data licensing, cloud (e.g., SaaS, IaaS, PaaS), large-scale systems integration projects (e.g., Microsoft Dynamics 365), traditional outsourcing (e.g., ITO, HRO, ADM, BPO), and new technology partnering initiatives (e.g., AI/ML, and Quantum).

Todd McClelland's Events

Beyond the Contract: Managing Customer/Service Provider Relationships

Date: Wednesday, September 13

Presented by: Kara Gunderson, PCIP, Director Payment Card Operations, Citgo Petroleum Corporation; Greg Luna, Senior Legal Counsel, CITGO Petroleum Corporation and Todd McClelland, Attorney at Law, Partner, Head of Global Data Privacy and Cyber Security, McDermott, Will & Emery, L.L.C.

Contracts between merchants and service providers are often not ideal, for either or both parties, when it comes to addressing PCI DSS, cybersecurity, and data protection issues. Yet, we need to find a way to make them work. Our presentation begins by recapping PCI DSS requirements for service provider contracts. We then provide three example scenarios for how parties might address these issues, presenting each scenario from both the merchant and service provider perspectives. We conclude by offering mitigating measures parties may consider to create a defensible position, manage the cybersecurity risk, and to get the most out of their contracts.