About Trisha Sircar

Data privacy and information security considerations coupled with global regulatory compliance obligations are increasing and becoming more complex. Businesses, consumers, and individuals need protection — Trisha Sircar provides clients with practical guidance and creative solutions to manage global privacy and data security risks and compliance challenges.

Operating at the intersection of technology and law

Trisha heads our Privacy, Data and Cybersecurity Practice and is Katten’s Co-Privacy Officer. She collaborates with clients across all industries, including financial services, retail, manufacturing, education, new and emerging technology, professional sports, media, travel, and health care. She counsels them on managing and mitigating the risks associated with the collection, use and disclosure of personal data and confidential information. This involves strategizing with clients to develop and operationalize a comprehensive and effective global privacy program and assisting them in assessing and managing their day-to-day privacy compliance needs and risks. Trisha helps clients with developing policy and procedures, administering training, incident response, responding to data subject requests, drafting privacy impact assessments, negotiating cross-border data transactions, and providing counsel on strategic transactions, including mergers and acquisitions, divestitures, diversity, equity and inclusion (DEI), bankruptcy, cyber insurance coverage selection, artificial intelligence (AI) and other strategic transactions.

Trisha advises on the practical application of complex state, federal and international privacy and information security legislation and regulation. She helps clients navigate regulatory requests and audits. Trisha also reviews, drafts and negotiates global privacy, data security and records management provisions in third-party contracts and cross-border data transfer agreements, as well as assists clients with developing vendor management and records management programs. Additionally, Trisha counsels on multi-jurisdictional incident response obligations and supports clients with developing incident response programs and tailored privacy training. She collaborates and strategizes with cross-functional teams to address their privacy, data and cybersecurity compliance needs.

Trisha helps clients develop and implement privacy, data security, technology usage, records retention and information handling governance programs, and develops written guidelines, policies, standards and procedures in compliance with the applicable US and international data protection laws, including but not limited to the California Consumer Privacy Act (CCPA), the Children’s Online Privacy Protection Act (COPPA), the Federal Trade Commission (FTC) Act, the General Data Protection Regulation (GDPR), the Gramm-Leach-Bliley Act (GLBA), the General Personal Data Protection Law (LGPD), the Health Insurance Portability and Accountability Act (HIPAA), the Personal Information and Protection Law (PIPL), the New York Stop Hacks and Improved Electronic Data Security Act (SHIELD Act), the UK Data Protection Act, and other international and US privacy laws. In addition, Trisha advises clients on privacy, cybersecurity and risk management compliance obligations imposed by the Consumer Financial Protection Bureau, the New York Department of Financial Services, the Securities and Exchange Commission and Works Council.


Practice Focus

  • Privacy risk incident analysis and data breach preparedness and response
  • Privacy and cybersecurity program implementation in compliance with global regulation
  • Data subject requests
  • Data protection impact assessments
  • Intellectual property, technology, media and privacy laws
  • Vendor management, contracts and cross-border data transfer agreements
  • Privacy notices and terms of use agreements
  • Privacy policies, procedures and standards implementation
  • Cookie compliance
  • Information handling policies, procedures and standards implementation
  • Records management and data classification policies, procedures and guidelines implementation
  • Employee privacy training and handbooks
  • Brazil, China, the European Union, Japan, Singapore, the United Kingdom and other international privacy laws

Representative Experience

  • Primary privacy counsel to a SEC-registered, global advisory-focused investment bank, including assisting in all aspects of its global privacy, data protection, data breach and safeguards programs, in the EU, Hong Kong, Japan, Saudi Arabia, the US and the UK.
  • Principal outside privacy counsel to a New York headquartered global investment management firm regulated by the CFTC, FTC, SEC and NFA with clients in Africa, Asia, Europe, Oceania, North America, and South America.
  • Assisted a US insurance company with NY DFS Part 500 compliance and certification obligations.
  • Provided counsel to an international bank on compliance with institutional client policies and procedures in Singapore, the UK, and the US.
  • Counseled a credit union on use of biometric data and AI for fraud protection and customer authentication.
  • Assisted a manufacturer of component parts with privacy policy development and compliance obligations under the CCPA, GDPR and PIPL.
  • Negotiated complex ticketing and e-commerce agreements for a professional sports team.
  • Operationalized all CCPA, GDPR and PIPEDA policies, procedures and processes for a retail client.
  • Handled a multi-state data breach and liaised with regulators for a client in a highly regulated industry.
  • Developed and operationalized an investment bank client’s records management program.
