KATHRYN ALLEN advises global companies on a broad range of privacy compliance and incident response matters. She brings almost a decade of experience to clients across industries, including healthcare, technology, financial, manufacturing, and retail. As the calming and practical voice in situations of duress, she guides clients through complex data incidents and assists in all stages of each matter, including the discovery, investigation, remediation, and notification processes. She is experienced in negotiating multimillion-dollar data sharing, technology, and software contracts, as well as reviewing the contractual notice requirements involved with incident response. Kathryn navigates global data incidents by coordinating across offices and has provided notices in over 30 countries. She brings keen insight to the technical components of her clients’ investigations due to her extensive work with IT and forensic professionals.
Kathryn also helps clients build out their privacy programs, including leading data mapping exercises, shaping internal and external policies, and training employees and boards on the ever-evolving privacy landscape. She frequently drafts privacy documents and policies which synthesize a number of complex laws into a single governing document. Kathryn leverages her prior experience in technology transactions to generate data processing agreements and governance documentation, including written information security policies, incident response plans, and acceptable use policies.
Kathryn returned to Sidley in 2024 after a seven-month secondment at a major technology company where she was an integral part of a global team working on privacy law matters.
Prior to joining Sidley, Kathryn worked at an AM Law 100 firm, where she assisted clients in privacy matters, responded to data incidents, and negotiated complex software agreements.