About Trisha Sircar

Data privacy and information security considerations coupled with global regulatory compliance obligations are increasing and becoming more complex. Businesses, consumers, and individuals need protection — Trisha Sircar provides clients with practical guidance and creative solutions to manage global privacy and data security risks and compliance challenges.

Operating at the intersection of technology and law

Trisha works with clients across all industries, including financial services, retail, manufacturing, education, new and emerging technology, professional sports, media, travel, and health care. She counsels them on managing and mitigating the risks associated with the collection, use and disclosure of personal data and confidential information. This involves strategizing with clients to develop and maintain a comprehensive and effective global privacy program and assisting them in assessing and managing their day-to-day privacy compliance needs and risks, including in connection with diversity, equity and inclusion activities, mergers and acquisitions, bankruptcy, cyber insurance coverage selection and other strategic transactions.

Trisha advises on the practical application of complex state, federal and international privacy and information security legislation, regulation and case law developments. She helps clients navigate regulatory examinations and inspections. She reviews, drafts and negotiates global privacy, data security and records management provisions in third-party contracts and cross-border data transfer agreements, as well as provides strategic guidance on vendor management. Additionally, Trisha counsels on multi-jurisdictional incident response obligations and assists with developing proactive incident response programs.

With her significant experience in the insurance sector, Trisha provides guidance related to cyber insurance coverage needs and obligations. She helps clients develop privacy, data security, technology usage, records retention and information handling governance programs, and develops written guidelines, policies, standards and procedures in compliance with the applicable US and international data protection laws, including but not limited to, the California Privacy Rights Act (CPRA), the Children’s Online Privacy Protection Act (COPPA), the Federal Trade Commission (FTC) Act, General Personal Data Protection Law (LGPD), the General Data Protection Regulation (GDPR), the Health Insurance Portability and Accountability Act (HIPAA), the Personal Information and Protection Law (PIPL), the New York Stop Hacks and Improved Electronic Data Security Act (SHIELD Act), and other US state privacy laws.

⇣   Expand to read more

Practice Focus

  • Privacy risk incident analysis and data breach preparedness and response
  • Privacy and cybersecurity program implementation in compliance with global regulation
  • Intellectual property, technology, media and privacy laws
  • Vendor management, contracts and cross-border data transfer agreements
  • Privacy notices and terms of use agreements
  • Privacy policies, procedures and standards implementation
  • Information handling policies, procedures and standards implementation
  • Records Management policies, procedures and guidelines implementation
  • Employee privacy training and handbooks
  • European Union, China, Brazil and other international privacy laws

News

Publications

Quick Reads

Presentations and Events

Practices
Industries
Education
  • Pace Law School, JD
  • University of New South Wales, BComm
Bar Admissions
  • New York
Court Admissions
  • US District Court, Southern District of New York
  • US District Court, District of Connecticut
Community Involvements
  • International Association of Privacy Professionals
  • Women in Security and Privacy