Caitlin A. Smith is an associate in the Technology Transactions and Data Privacy practice. Caitlin regularly advises clients of all sizes and industries on domestic and international privacy and data security compliance matters, including issues related to CCPA, GDPR, HIPAA and GLBA. Further, Caitlin advises clients on best practices to prepare for and prevent cybersecurity incidents through risk management counseling, drafting policies and procedures and facilitation of training exercises.

Caitlin regularly counsels clients through data security incidents from investigation and notification stages, through responses to both federal and state regulators. Caitlin is committed to understanding each client’s business practices and objectives to help protect their investment in a range of technologies.

Prior to joining Polsinelli, Caitlin assisted hundreds of companies through cyber incidents as a Privacy Breach Response Services Manager at a leading cyber insurance carrier. Caitlin is a Certified Information Privacy Professional/United States (CIPP/US).

Education

• Temple University Beasley School of Law (J.D., 2017)
• University of Delaware (B.A., with distinction, 2012)

Bar Admission

• Pennsylvania

Professional Affiliations

• Pennsylvania Bar Association
• International Association of Privacy Professionals

Recognition

• Named one of Best Lawyers: Ones to Watch® in America in:
  • Technology Law, 2026
  • Privacy and Data Security Law, 2024-2026

Publications

Escalated CCPA Enforcement Delivers Record $2.75M Settlement and Expanded Focus

Key Takeaways: The California Attorney General (AG) reached a record $2.75 million settlement with Disney, stemming from allegations that the company violated the California Consumer Privacy Act (CCPA) by failing to adequately recognize consumer opt-out rights across its diverse platform. The settlement with Disney highlights how both the California AG and the California Privacy Protection Agency (CPPA) are still keenly focused on consumer opt-out rights while increasing scrutiny of complex ecosystems of personal information. Businesses should expect heightened scrutiny into the technical implementation of their consent management platforms and broader enforcement, including potentially steep fines and multi-year compliance obligations for violators. The California AG’s recent $2.75 million settlement with Disney marks a further escalation by enforcers of the CCPA, both in penalty size and
The Hidden Risks of AI Notetakers: What Organizations Need to Evaluate Before Deployment

Key Takeaways: Organizations are rapidly deploying AI notetaking tools, creating new legal, privacy and security exposure. Those records can undermine privilege, expand cybersecurity risk and trigger domestic and international compliance obligations. Before deployment, organizations should establish internal policies on appropriate use, conduct security and contractual vetting, assess data transfer mechanisms, obtain required disclosures or consent and restrict use in privileged or highly sensitive settings. Organizations are rapidly adopting AI notetaking and meeting assistant tools for their potential to improve efficiency and automate documentation. While these tools may enhance productivity, they also introduce new legal, privacy, security and compliance risk that organizations should carefully evaluate before implementation. Below, we outline key data privacy and compliance risks and practical considerations for businesses that are integrating AI notetaking