Chelsea Staskiewicz

Chelsea Rissmiller

Associate
San Diego
About

Chelsea Rissmiller focuses her practice on cybersecurity, incident response, and regulatory enforcement. She assists companies across a wide range of industries in preparing for, responding to, and recovering from cyber incidents, including complex multijurisdictional data breaches. Her work includes coordinating forensic investigations, guiding internal teams through rapid response decision making, and developing defensible strategies for containment, notification, and remediation. Chelsea also leads crisis communications during high stakes incident response, ensuring that internal and external messaging aligns with legal, regulatory, and operational priorities. Her balanced approach helps clients weigh security and operational risk, refine compliance programs, and reduce incident risk and enforcement exposure.

Chelsea advises clients on regulatory compliance and enforcement risks under federal and state data protection, security, and privacy laws, including the California Consumer Privacy Act, the Gramm Leach Bliley Act, the Health Insurance Portability and Accountability Act, and the Federal Trade Commission Act. She regularly counsels public companies on cybersecurity governance and disclosure obligations, and she supports boards and senior leaders in evaluating cyber readiness and risk mitigation practices.

Her background includes service in the US Securities and Exchange Commission's Cyber Unit within the Division of Enforcement (Honors Program). This experience informs her approach to regulatory investigations, enforcement scrutiny, and incident response preparation. Chelsea has also supported federal court matters involving complex eDiscovery disputes, which strengthens her ability to advise on information governance and data handling obligations.

In addition to her client work, Chelsea speaks frequently on cybersecurity investigation strategy, reasonable security expectations, and evolving enforcement trends. She contributes thought leadership on developments in privacy regulation and helps organizations build durable, operationally practical compliance programs that withstand regulatory examination.

Chelsea is a Certified Information Privacy Professional (CIPP/US) and remains active in professional communities dedicated to cybersecurity, privacy, and information governance.

Areas of FocusData, Privacy and CybersecurityInternational TradeRegulatory and Government AffairsTechnologyHealthcareLife SciencesFinancial Services
Bar admissionsCalifornia
CourtsUnited States District Court for the Southern District of California

Awards

The Legal 500 United States

  • Recommended, Cyber Law (including Data Privacy and Data Protection), (2022)
Education
  • J.D., California Western School of Law
    magna cum laude
  • B.A., Pennsylvania State University

Bylines

  • Co-author, "A Ripe State for Low-Hanging Fruit: Managing Cyber Liability in California," San Diego Lawyer, SDCBA, July/August 2021

Seminars

  • Speaker, "FTC Enforcement Actions: A Roundtable Discussion," IAPP San Diego KnowledgeNet, July 9, 2024
  • Speaker, "Heating Up Alphabet Soup: An Update on State Privacy Laws from CCPA, VCDPA, and Beyond," IP Institute, Intellectual Property Law California Lawyers Association, November 3, 2023
  • Speaker, "Presentation shared with you: 'Beyond the Books - Frontline of Privacy & Cybersecurity,'" SDCBA Law Student Event, September 2023 
  • Panelist, "The End Game – Putting Your Cyber Investigation on Trial," InfraGard Cyber Defenders, RSA Conference, April 24, 2023
  • Speaker, "On Reasonable Security," InfraGard Cyber Defenders, RSA Conference, April 23, 2023
  • Presenter, "Information Governance Leadership Summit: Focus on Effective Policy Drafting + Privacy Program," March 31, 2023
  • Presenter, "The SEC's Enforcement Actions and Investigations: Managing Compliance Risks," The Knowledge Group, April 4, 2022
  • Speaker, "The Art of Sound Boarding," San Diego Paralegals Association Lunch with Leaders, April 30, 2021
  • Moderator, "You've Been Hacked, Now What?," Women in eDiscovery, February 10, 2021

Prior Experience

  • Counseled a top IT services and consulting company through a double ransomware attack involving multiple threat actors and exploitation of a zero-day vulnerability, including extensive regulatory and law enforcement inquiries
  • Advised a publicly traded US energy and technology company with global operations through a cyber-attack involving complex data mining, eDiscovery, and notification strategies 
  • Supported a leading global infrastructure technology company through a large-scale vendor incident involving unauthorized access to third-party systems and exposure of authentication data requiring forensic coordination, multijurisdictional notification analysis, and regulator engagement
  • Led a global Fortune 500 company through the design and implementation of a new governance program, including designing board-level escalation and risk assessment procedures, to comply with the Securities and Exchange Commission's cybersecurity rules
  • Supported a global health information technology provider in developing a comprehensive security and breach notification compliance program for a nationwide interoperability and health data exchange framework

Memberships And Affiliations

  • International Association of Privacy Professionals, San Diego Chapter Chair, CIPP/US, (Current)
  • FBI InfraGard, Social Media Coordinator, (2023)
  • Women in eDiscovery, Board of Directors, (2020 – 2022)

My latest insights

Publication

CCPA 2025 updated regulations: What’s new, what’s next, and what to do

30 September 2025

Publication

SEC adopts cyber amendments to Regulation S-P: Top points

27 June 2024 .15 minute read

Publication

Putting governance and risk in context and reducing personal liability for the cyber and...

14 September 2023 .2 minute read

View All
CallvCardLinkedInPrint

Connect

Phone

+1 619 699 2630
(Work, San Diego)