Trisha Sircar was working as an assistant general counsel and compliance officer of global privacy at AIG when she was offered a leadership opportunity with one of her outside counsel.
Katten was calling and eventually recruited Sircar to be the global head of the firm’s privacy, data and cyber security practice and co-privacy officer of the firm. Sircar joined in January 2020 and over the past couple of years has been recruiting and building her team, which numbers seven attorneys now.
Though she is based in New York, Sircar works closely with Dallas partners Lisa Atlas Genecov, who leads Katten’s health care practice, and David Washburn, who co-chairs the firm’s M&A/private equity group. She is also paired with Dallas office leader Mark Solomon through Kattalyst, the firm’s sponsorship program that focuses on professional development opportunities.
Sircar visited with The Texas Lawbook about how her in-house experience at AIG prepared her for private practice, how she has used her privacy and cybersecurity expertise for a pro bono client and the key developments in her practice that clients should be paying attention to.
The Lawbook: What were two or three of the most interesting matters you handled at AIG? Is that where you developed your expertise in privacy matters?
Sircar: During my eight-year tenure at AIG, I gained valuable experience and insight I can now offer to my clients. As counsel, I assisted with AIG’s global compliance program, which included coordinating with more than 50 locations worldwide to provide a consistent approach to data privacy matters. Among my responsibilities was making certain the company complied with global and U.S. laws, acting as a liaison with AIG’s regulators, coordinating with its litigation team, handling data breaches, and working with outside counsel on matters involving personal information and trade secrets. My experience there as a senior cybersecurity underwriter and cyber claims analyst also enables me to better advise clients on their cyber insurance coverage needs and obligations.
The Lawbook: Why did you decide to move to Katten?
Sircar: Through my in-house work, I developed longstanding client relationships with outside counsel, including Katten. The firm has a well-regarded reputation, and the attorneys I worked with were highly skilled and collaborative. So when opportunity knocked, I opened the door. I joined Katten in January of 2020 and was very interested and eager to work with a variety of clients from healthcare companies to hedge funds in addressing a myriad of issues and challenges that these clients faced in the areas of data privacy and cybersecurity.
The Texas Lawbook: How many lawyers do you have in the firm’s privacy, data and cyber security practice?
Trisha Sircar: Katten has seven attorneys from New York to Chicago to London who are a part of the privacy, data and cybersecurity practice. Additionally, we often work closely with a number of attorneys in our health care practice, led by Lisa Atlas Genecov in Dallas, to address our clients’ concerns related to health care and HIPAA-related issues. I regularly team up with the M&A/private equity group co-chaired by Dallas partner David Washburn, on a variety of data privacy and information security issues related to strategic transactions, including cross-border transactions, acquisitions and divestures; and with the financial markets and funds practice, including but not limited to, U.S. and global financial and regulatory audits, examinations and disclosure obligations.
The Lawbook: Do you represent any clients in Texas? If so, are you able to identify them and describe your work for them?
Sircar: Because Katten has clients all over the world, my team is ready to parachute in and help clients based in Texas and elsewhere across all sectors, including, financial institutions, schools and higher ed, tech companies, manufacturers, retailers, hospitals, and pharmaceutical companies, on a range of privacy, data protection and cyber security related matters.
In Texas, we have worked with a number of healthcare-related companies and educational institutions. Every organization, whether brick and mortar or online, handles personal and/or confidential data and with that comes an array of cybersecurity risks and privacy concerns. This is further magnified with the use of new technology in the hybrid and remote work place, coupled with the ever changing regulatory and legal data privacy and cyber security landscape. That’s where we can step in and advise on data privacy compliance obligations, data and cyber security best practices, incident response, records management and other complex issues that are constantly surfacing.
My work also includes counseling companies on how to manage and mitigate the risks associated with the collection, use and disclosure of personal data and confidential information, and guiding them on new legal and regulatory developments in this area. We are living in an era where technology is constantly evolving, so we want to ensure that our clients are adapting to the times in compliance with the complex law and regulations.
The Lawbook: What are one or two of the most interesting matters you have handled at Katten?
Sircar: Privacy and cybersecurity risks have heightened with the pandemic in ways that the world has never seen before. Many companies quickly moved to remote work environments and schools shifted to online learning and with that a number of concerns regarding employee and student privacy and cybersecurity came to the forefront. We helped our clients navigate such challenges and assisted in selecting secure online solutions and adopting appropriate policies and procedures.
We also offered the same expertise and assistance to our pro bono clients. One such example is a pro bono matter I handled for a nonprofit organization that supplements literacy programs using registered therapy dogs to motivate kids to read. I helped the organization draft appropriate public facing policies and update parental consent forms and disclosures for its virtual learning platform.
The Lawbook: I see you are a fellow and member of the Leadership Council on Legal Diversity. How has the organization impacted you as a leader? Who have been key mentors in your career?
Sircar: As a LCLD fellow, I was able to enhance my leadership skills and was afforded pitching and networking opportunities with top leaders in the legal profession. It was through this platform that I got connected to my mentee, who I aim to help in her career just as others have done for me. I also am focused on continuing to grow in my career through Katten’s sponsorship program called Kattalyst in which I have been fortunate enough to be paired with Dallas managing partner Mark Solomon as my sponsor. The firm works hard to offer professional development opportunities so every attorney can be successful. Through Kattalyst, I have learned about business development strategies and how to deliver effective feedback, foster new relationships and strengthen existing ones. These are things I know will help me become a better leader.
The Lawbook: What are the key developments and/or emerging trends in your privacy practice that your clients should be paying attention to?
Sircar: There is so much constant activity in this space, primarily due to the value of data, the global digital economy, emerging technology, innovation, the hybrid/remote work place and new laws and regulations. With the rapid pace of these developments, our clients are constantly faced with newly discovered and often onerous issues, while navigating the complex and ever changing regulation of privacy and data protection.
The U.S. has seen the recent enactment of several state data privacy laws (including California, Virginia, Colorado, Utah and Connecticut) and the potential for a federal privacy bill. In addition, we have seen new data privacy and information requirements from our U.S. financial regulators, such as the SEC and the FTC. Internationally, we have seen sweeping changes in data privacy regulation in Europe, the UK and China. These data privacy regimes often have conflicting requirements, and our clients will need to pay close attention to ensure compliance with these existing and new laws and regulations both in the U.S. and internationally.
Furthermore, the hybrid work environment has created a variety of new privacy and cybersecurity concerns and challenges for individuals and organizations. In addition, we are seeing an increase ransomware and other cyber-attacks, which can deeply impact companies and institutions in terms of cost, reputation, service disruption and fallout.
The Lawbook: Is there anything else you would like to add?
Sircar: In addition to leading the practice, I also serve as the firm’s co-privacy officer and as the co-chair of the International Association of Privacy Professionals (IAPP) KnowledgeNet New York chapter, which offers regional networking, speaking and learning opportunities for the privacy industry. I encourage any attorney who deals with data protection to get involved as the IAPP is a wonderful resource.
Publisher’s Note: Katten is a sponsor of The Lawbook’s Corporate Deal Tracker page. This Q&A is an associated thought leadership piece.