About Trisha Sircar

The value of data as an asset has increased substantially in today's global digital economy. In the high-stakes environment of global intellectual property and technology services, businesses, consumers and individuals need protection. With more than a decade of experience in helping to protect a wide range of businesses — including one of the world's largest insurance companies — Privacy, Data and Cybersecurity partner Trisha Sircar provides practical guidance and creative solutions regarding global privacy and data security risks and compliance issues.

Operating at the intersection of technology and law

Trisha provides clients with practical advice to help manage and mitigate the risks associated with the collection, use and disclosure of personal data and confidential information. This involves strategizing with clients to develop and maintain a global privacy program and assisting them in managing their day-to-day privacy compliance needs. Trisha reviews, drafts and negotiates global privacy, data security and records management provisions in third-party contracts and cross-border data transfer agreements. She conducts extensive privacy impact assessments to evaluate technology, analytics and innovation projects, and helps implement such projects in compliance with applicable privacy, data security and records management requirements.

Trisha assists clients with tailoring comprehensive and effective compliance programs, minimizing litigation, third-party, operational and regulatory risk, and reviewing insurance coverage needs and obligations. She also helps clients with crafting privacy notices and policies, cookies policies, and terms of use agreements that involve a wide array of data sets and usages. She provides guidance on vendor management, data inventory mapping and managing data access requests.

She also advises on the practical application of complex state, federal and international privacy and information security legislation, regulation and case law developments, and coordinates with government affairs teams and local compliance officers to advocate a client's position and interests within US and international working groups and trade associations, on proposed legislation, regulation and industry frameworks.

Trisha provides strategic advice on information security and privacy-related incident response, including global notification obligations, crisis management, and internal and external communications. In addition, she develops proactive incident response solutions through the creation of robust incident response programs and tabletops, tailoring appropriate notification solutions and ensuring the correct personnel and vendors are in place. She counsels clients on handling regulatory investigations and lawsuits arising from a privacy and cyber incident and any resulting theft, loss or unauthorized use of confidential or personal information, as well as any alleged violations of applicable data privacy laws.

Trisha helps clients develop employee privacy, cybersecurity and records management training playbooks and awareness campaigns in connection with corporate compliance programs. She prepares comprehensive privacy, cybersecurity, information handling and records management guidelines, policies, standards and procedures in compliance with the applicable US and international data protection laws, including but not limited to, the Federal Trade Commission (FTC) Act, the General Data Protection Regulation (GDPR), the Health Insurance Portability and Accountability Act (HIPAA), the California Consumer Privacy Act (CCPA) and the New York Department of Financial Services Cybersecurity Regulation (23 NYCRR 500).

⇣   Expand to read more

Practice Focus

  • Privacy risk incident analysis and data breach preparedness and response
  • Privacy and cybersecurity program implementation in compliance with global regulation
  • Intellectual property, technology, media and privacy laws
  • Vendor management, contracts and cross-border data transfer agreements
  • Privacy notices and terms of use agreements
  • Privacy policies, procedures and standards implementation
  • Information handling policies, procedures and standards implementation
  • Records Management policies, procedures and guidelines implementation
  • Employee privacy training and handbooks
  • European Union and international privacy laws

Presentations and Events