About Trisha Sircar

Data privacy and cybersecurity considerations coupled with global regulatory compliance obligations are increasing and becoming more complex. Businesses, consumers, and individuals need protection — Trisha Sircar spearheads Katten's Privacy, Data and Cybersecurity Practice and provides clients with practical guidance and creative solutions to manage privacy, data, cybersecurity and artificial intelligence (AI) risk and compliance challenges.

Operating at the intersection of technology and law

Trisha is the head of Katten's Privacy, Data and Cybersecurity Practice and is the firm's Privacy Officer, overseeing data protection matters across all Katten offices. She collaborates with clients across all industries, including financial services, retail, manufacturing, education, new and emerging technology, professional sports, media, travel, life sciences and health care. She is a trusted advisor to in-house legal, compliance, technology, marketing and engineering teams on managing and mitigating the risks associated with cybersecurity, personal data and confidential information with the advent of AI and emerging technologies. She strategizes with clients to develop and operationalize comprehensive and effective information governance programs and assesses their day-to-day compliance needs and risks. Trisha helps clients develop policies and procedures, administer training, lead incident response, conduct red teaming, respond to data subject requests, draft privacy and AI impact assessments and negotiate cross-border data transactions, and counsels on strategic transactions, including AI, digital assets, mergers and acquisitions, and divestitures. Trisha is a seasoned attorney and industry leader on all types of AI, including large language models (LLMs), decision tree models, facial recognition and voice recognition.

Trisha helps clients develop and implement privacy, data security, technology usage, records retention and information handling governance programs, and develops written guidelines, policies, standards and procedures in compliance with US and international data protection and AI laws, including but not limited to the California Consumer Privacy Act (CCPA), the Children’s Online Privacy Protection Act (COPPA), the Data Use and Access Act (DUA Act), the EU AI Act, the Digital Operational Resilience Act (DORA), the Federal Trade Commission (FTC) Act, the General Data Protection Regulation (GDPR), the Gramm-Leach-Bliley Act (GLBA), the General Personal Data Protection Law (LGPD), the Health Insurance Portability and Accountability Act (HIPAA), the New York Department of Financial Services Cybersecurity Regulations (23 NYCRR Part 500), the Personal Information and Protection Law (PIPL), the Privacy and Electronic Communications Regulations 2003 (PECR), the New York Stop Hacks and Improved Electronic Data Security Act (SHIELD Act), the UK Data Protection Act, and other international and US data-related laws. In addition, Trisha is a trusted advisor on complex privacy, cybersecurity and AI investigations by US and international regulatory authorities.

Practice Focus

  • Implementation of privacy and AI governance frameworks
  • Incident response and data breach preparedness and response
  • Cross-functional collaboration with stakeholders regarding compliance and information governance
  • Coordinating and communicating with government agencies and law enforcement regarding cybersecurity incidents, threat monitoring and insider threat activities
  • Privacy and cybersecurity program implementation in compliance with global regulation
  • Data subject request handling and processing of implementations
  • Data protection and AI impact assessments
  • Intellectual property, technology, media and privacy laws
  • Vendor management, contracts and cross-border data transfer agreements
  • Privacy policies, procedures and standards implementation
  • Cookie compliance
  • Information handling policies, procedures and standards implementation
  • Records management and data classification policies, procedures and guidelines implementation
  • Employee privacy training and handbooks

Representative Experience

  • Counseled a global manufacturer on deployment of AI and data privacy laws, including compliance with the EU AI Act, the GDPR and PIPL.
  • Provided privacy guidance to a US AI developer and deployer on data privacy compliance obligations.
  • Primary privacy counsel to an SEC-registered, global advisory-focused investment bank, including assisting in all aspects of its global privacy, data protection, data breach and safeguards programs, in the EU, Hong Kong, Japan, Saudi Arabia, the US and the UK.
  • Principal outside privacy counsel to a New York-headquartered global investment management firm regulated by the CFTC, FTC, SEC and NFA with clients in Africa, Asia, Europe, Oceania, North America, and South America.
  • Assisted a US insurance company with NY DFS Part 500 compliance and certification obligations.
  • Provided counsel to an international bank on compliance with institutional client policies and procedures in Singapore, the UK, and the US.
  • Counseled a credit union on use of biometric data and AI for fraud protection and customer authentication.
  • Negotiated complex ticketing and e-commerce agreements for a professional sports team.
  • Operationalized all CCPA, GDPR and PIPEDA policies, procedures and processes for a retail client.
  • Handled a multi-state data breach and liaised with regulators for a client in a highly regulated industry.
  • Developed and operationalized an investment bank’s records management program.