Overview
Trish Carreiro is an experienced data lawyer who focuses on minimizing the risks associated with data collection, use, transfer, storage, and disclosure. She is certified as an artificial intelligence governance professional (AIGP), certified information privacy professional (CIPP/US), certified information privacy manager (CIPM), and fellow in information privacy (FIP), and she is a prior multiterm co-chair of the International Association of Privacy Professionals’ South Florida chapter.
Trained as a business litigator, Trish combines her litigation skills with technical proficiency in cybersecurity, privacy, and artificial intelligence to:
- Advise highly regulated businesses on privacy, cybersecurity, and artificial intelligence governance compliance, program management, and related prophylactic measures.
- Negotiate data processing terms and technology agreements.
- Respond to cybersecurity incidents.
- Advise on proactive risk management regarding new and emerging technologies and data uses.
- Defend against privacy, cybersecurity, or data-related putative class actions and regulatory inquiries.
- Market their products in new and innovative ways.
- Streamline their privacy compliance.
- Adjust to changing laws.
- Digitize their application process.
- Increase consumer engagement.
- Respond to cybersecurity incidents.
- Apply new technologies and data to underwrite their risk.
- Incorporate artificial intelligence into their business.
- Respond to regulatory inquiries.
- Defend against putative class actions.
In the health care sphere, Trish has been advising clients and publishing thought leadership for nearly a decade. When COVID-19 struck, Trish was one of the first to begin writing about the privacy and cybersecurity challenges facing the health care industry and, more important, how to navigate them. She has represented numerous health care providers in class action breach litigation, data breach response, and post-breach Office for Civil Rights and attorneys general investigations, and she has drafted comprehensive HIPAA compliance programs for HIPAA-covered entities and business associates.
A recognized thought leader, Trish uses her litigation perspective to guide clients to both avoid and effectively handle privacy and cybersecurity litigation. She is a frequent speaker on these topics, and her insights have been featured in publications including Bloomberg Health Law & Business, Law360, Law.com, Corporate Counsel, Today’s General Counsel, InsideCounsel, The Cybersecurity Law Report, Data Breach Today, Health IT Security, Healthcare IT News, Healthcare Infosecurity, Life Annuity Specialist, Fierce Healthcare, Daily Business Review, Miami Herald, Dark Reading, STAT, and Tampa Bay Business Journal.
Her prior experience includes time with the U.S. Department of Justice Criminal Division’s Fraud Section, the U.S. Securities and Exchange Commission Division of Enforcement, the New York State Attorney General’s Medicaid Fraud Unit, and the Connecticut Commission on Human Rights and Opportunities. She is proficient in Spanish and Portuguese.
Trish is the chair of the firm's Cybersecurity and Privacy Practice.
"When we got off the call, the whole room simultaneously broke out in praise for how great it is working with Trish. She exhibits clear, collaborative, decisive understanding of our business situation."
Experience
Artificial Intelligence and Emergent Technologies
- Advised businesses of varying sizes regarding procurement, use, and governance of artificial intelligence, including analyzing risks and risk mitigation measures, building governance structure, negotiating contracts, and drafting notices, consents, and associated policies and procedures for various use cases, such as meeting notetaking, locating/summarizing policy information, marketing content creation, and chatbots for customer service and other consumer engagement initiatives.
- Counseled businesses across industries regarding use of various technologies and methods for increasing digital engagement.
- Advised one of the nation’s largest banks on possible causes of action, defenses, class action strategy, and litigation options following nationwide data breach.
- Advised large, publicly traded financial institution regarding multiple data breach class actions.
- Settled multiple data breach class action demands for no payment and without a single court filing.
- Defended multiple health care providers in class action breach litigations stemming from cybersecurity attacks.
- Represented various entities in responding to consumer allegations of privacy violations, including in relation to website technologies, such as Meta Pixel and cookies.
Financial Institutions
- Advised multiple large brokerages regarding privacy policy program needs, including privacy notices, data processing agreements, and internal policies and procedures.
- Advised large life insurers and affiliated producers regarding privacy compliance throughout development of fully electronic automated underwriting application, including negotiating contractual agreements with third-party service providers, developing procedures for operationalizing and demonstrating privacy compliance, and drafting privacy policies, procedures, notices, and authorizations.
- Counseled various financial institutions, including insurers, producers, and mortgage servicers, regarding compliance with privacy laws such as the Gramm-Leach-Bliley Act (GLBA), the California Consumer Privacy Act (CCPA), the Telephone Consumer Protection Act of 1991 (TCPA), the CAN-SPAM Act of 2003, the Telemarketing Sales Rule, the Fair Credit Reporting Act, the Health Insurance Portability and Accountability Act (HIPAA), and National Association of Insurance Commissioners (NAIC) model laws, as applicable.
- Advised multiple insurers regarding:
  - Notices and consents needed when seeking information about applicants/insureds from third parties, or seeking to share applicant/insured information with third parties for transactional or marketing purposes.
  - Privacy compliance regarding contacting applicants/insureds via varying means throughout the insurance application process.
  - Development of mobile applications.
  - Handling of consumer data subject requests to know, correct, delete, or limit sharing.
  - Cybersecurity obligations.
  - Responding to, and preparing for, examinations regarding cybersecurity and privacy practices.
- Counseled financial institutions regarding intersection of the GLBA and state privacy laws, such as the CCPA.
- Advised large financial entities regarding contractual privacy provisions, privacy compliance, and cybersecurity insurance coverage.
- Drafted privacy policies, associated notices, and privacy request processing procedures for organizations across industries and regimes.
- Drafted comprehensive HIPAA compliance program for HIPAA-covered entity, including drafting associated policies and procedures.
- Managed breach response for various HIPAA entities, including covered entities and business associates, throughout breach investigation, required reporting and notifications, and any associated litigation.
- Advised business associates regarding compliance with the CCPA, including drafting necessary privacy notices and establishing procedures for processing associated privacy requests.
- Advised health care entities regarding privacy compliance needs, including privacy practices, mobile application and website terms, and internal policies and procedures.
- Advised multiple Fortune 500 companies regarding adjustments needed to comply with new state privacy laws.
- Design and implement privacy program for large U.S.-based retailer.
- Create privacy policies and website terms of use.
- Draft and negotiate data processing agreements and contractual provisions for vendor management.
- Draft internal privacy and cybersecurity policies and procedures, including breach response, data retention/destruction, and others.
- Advise regarding privacy and cybersecurity risk management, including key contractual provisions and policy best practices.
- Represented companies in investigating and responding to phishing, ransomware, business email compromises, and wire diversion schemes.
- Executed data breach response for companies of all sizes, including managing forensic investigation, data mining, and required reporting to regulators, law enforcement, media, and consumers for breaches of CPNI, GDPR data, and other personal information. Representative entities include insurers, producers, health care providers, retailers, telecommunications carriers, and businesses large and small.
- Represented health care providers throughout post-breach Office for Civil Rights and attorneys general investigations.
Recognition
- The Best Lawyers in America: Ones to Watch, Commercial Litigation, Health Care Law (2024–2025)
Professional & Community Involvement
- Association of Life Insurance Counsel
- Connecticut Bar Association
  - House of Delegates District 12 (Hartford) Representative (2018–2019)
  - Executive Committee, Women in the Law Section (2016–2019)
- FAIR Institute
  - Cyber Insurance Workgroup (2018)
- Greater Miami Chamber of Commerce
  - Technology and Innovation Committee
- International Association of Privacy Professionals
  - Women Leading Privacy
  - Co-Chair, South Florida KnowledgeNet Chapter
- Leadership Council on Legal Diversity
  - Fellow (2024)
- National Association for Fixed Annuities
  - Education Committee
  - 2024 Leadership Forum, Planning Committee
- United Way Women United
Speaking Engagements
- “The Latest Cybersecurity, Privacy, and Data Rights Developments,” ALI CLE Conference on Life Insurance Products, Washington, D.C. (November 8, 2024)
- "Careers in Privacy," Stetson University College of Law (October 24, 2024)
- "Privacy Class Action Claims Impacting the Life Industry," ALIC Fly-In, New York, NY (October 17, 2024)
- "Cybersecurity Update," 2024 NAFA Annuity Leadership Forum, Washington, D.C. (June 24, 2024)
- "Litigation Risk: What Every Insurer and Innovator Needs to Know," 2024 Global Insurance Symposium, Des Moines, IA (April 16, 2024)
- "Privacy, Cybersecurity, and Artificial Intelligence," Journal of International Law Symposium, University of Florida Levin College of Law (March 1, 2024)
- "The Latest Privacy Developments," Integrity Marketing Compliance Summit, Washington, D.C. (February 27, 2024)
- "Preparing for Cybersecurity and Privacy Success in 2024," National Association for Fixed Annuities (February 8, 2024)
- "Cybersecurity and Data Privacy and Rights Management," ALI CLE Conference on Life Insurance Products, Washington, D.C. (November 2, 2023)
- "What Does AI Mean for Your Business?," Artificial Intelligence Forum, Greater Miami Chamber of Commerce, Miami, FL (October 25, 2023)
- "Privacy, Cybersecurity, and Artificial Intelligence for Startups," Nova Southeastern University, Berger Entrepreneur Law Clinic (October 13, 2023)
- "Privacy and the Use of AI," Law and Compliance All Hands Meeting, Symetra Life Insurance Co. (October 12, 2023)
- "The Good, the Bad, and the Ugly: AI in the Life Insurance Industry," 2023 ALIC Fly-In, Cincinnati, OH (October 3, 2023)
- "Website Tech Fueling Privacy Litigation: How to Reduce Your Risk," Carlton Fields (April 17, 2023)
- "Cybersecurity Fraud Threats: Attacks Against Insurers, Contract Owners, and Retirement Account Holders," 2022 ALIC Regional Insurance Counsel Roundtable (October 25, 2022)
- "Financial Services Cyber Fraud: The Latest Risks and Best Responses," Carlton Fields (October 20, 2022)
- "The Latest Cyber Threats and Coverage Issues," Carlton Fields (June 28, 2022)
- "An Overview of Life Insurers’ Privacy and Cybersecurity Requirements," Carlton Fields (June 21, 2022)
- “Digital Marketing: Thriving, Surviving, or Dead on Arrival?,” International Association of Privacy Professionals (March 2022)
- “Data Breach Litigation,” Global Aesthetics Conference (November 2021)
- “HIPAA Breaches,” Miami Cosmetic Surgery & Aesthetic Dermatology Symposium (August 2021)
- "Decision-Making with FAIR - Quantification and the Rise of Class Action Lawsuits," 2020 FAIR Conference (October 2020)
- "Privacy Leaders Circle: Miami," Truyo (July 9, 2020)
- "Privacy Policy and Terms of Use Basics for Start Ups," Nova Southeastern University Shepard Broad College of Law (March 2020)
- "Evaluating Cyber Insurance Using the FAIR Doctrine," Legal Services Information Sharing and Analysis Organization (LS-ISAO) (May 2019)
- "Using FAIR to Optimize Your Cyber Insurance Coverage," 2018 FAIR Conference on Information Risk Management (October 2018)
- "Data Breach Litigation: Recent Trends and Developments," The Knowledge Group (June 2018)
- "Cyber & Law: It’s Really About the Money," Evolver (January 2018)
- "Which Insurance Would Cover a Breach-Related Injury?," Healthcare Info Security (October 2017)
- "Cyber Risk and Liability Insurance: What Is It and Why You Need It," The Knowledge Group (October 2017)
- "She Leads: Women in the Law," Quinnipiac University School of Law (November 2016)
- "Cybersecurity Litigation and the Role of Cyber Insurance," Connecticut Law Tribune (September 2015)
Credentials
Education
- New York University School of Law (J.D., 2013)
- Duke University (B.A., 2008)
Background
- Litigation Associate, Axinn, Veltrop & Harkrider LLP, Hartford, CT (2015–2019)
- Litigation Associate, Wofsey Rosen Kweskin & Kuriansky LLP, Stamford, CT (2013–2015)