About Trisha Sircar

The value of data as an asset has multiplied substantially in today's global digital economy. As more and more activities move online, data privacy and information security considerations coupled with global regulatory obligations are increasing and becoming more complex. Businesses, consumers and individuals need protection — Trisha Sircar provides clients with practical guidance and creative solutions to manage global privacy and data security risks and compliance challenges.

Operating at the intersection of technology and law

Trisha works with clients across all industries, including financial services, retail, education, technology and health care. She counsels them on managing and mitigating the risks associated with the collection, use and disclosure of personal data and confidential information. This involves strategizing with clients to develop and maintain a comprehensive and effective global privacy program and assisting them in assessing and managing their day-to-day privacy compliance needs and risks, including in connection with mergers and acquisitions, bankruptcy, cyber insurance coverage selection and other strategic transactions.

Trisha advises on the practical application of complex state, federal and international privacy and information security legislation, regulation and case law developments. She helps clients navigate regulatory examinations and inspections. She reviews, drafts and negotiates global privacy, data security and records management provisions in third-party contracts and cross-border data transfer agreements, as well as provides strategic guidance on vendor management. Additionally, Trisha counsels on multi-jurisdictional incident response obligations and assists with developing proactive incident response programs.

With her significant experience in the insurance sector, Trisha provides guidance related to cyber insurance coverage needs and obligations. She helps clients develop privacy, data security, technology usage, records retention and information handling governance programs, and develops written guidelines, policies, standards and procedures in compliance with the applicable US and international data protection laws, including but not limited to, the Federal Trade Commission (FTC) Act, the General Data Protection Regulation (GDPR), the Health Insurance Portability and Accountability Act (HIPAA), the California Consumer Privacy Act (CCPA) and the New York Stop Hacks and Improved Electronic Data Security Act (SHIELD Act).

⇣   Expand to read more

Practice Focus

  • Privacy risk incident analysis and data breach preparedness and response
  • Privacy and cybersecurity program implementation in compliance with global regulation
  • Intellectual property, technology, media and privacy laws
  • Vendor management, contracts and cross-border data transfer agreements
  • Privacy notices and terms of use agreements
  • Privacy policies, procedures and standards implementation
  • Information handling policies, procedures and standards implementation
  • Records Management policies, procedures and guidelines implementation
  • Employee privacy training and handbooks
  • European Union and international privacy laws

Presentations and Events