  • Education
    • J.D., Order of the Coif, University of Kansas School of Law, 2013, Business and Commercial Law Certificate, Advocacy Certificate; Articles Editor for Kansas Law Review
    • B.A., summa cum laude, Creighton University, 2010, Computer Science, Philosophy

With a background in computer programming, Steve Hengeli takes a problem-solving approach to privacy, data security, and technology transactions. Steve works with clients in a variety of industries, including highly regulated and innovative industries such as healthcare, pharmaceutical/medical device, banking, and mobility and vehicle use. He also works with start-up and established companies to develop strategies to maximize the value of their data while minimizing risks and costs.

Steve helps clients by:  

  • Conducting comprehensive privacy and data security risk assessments, and providing prioritized remediation recommendations 
  • Counseling on compliance with a variety of U.S. and international privacy and data security laws, regulations, standards, and frameworks, including the California Consumer Privacy Act (CCPA), EU General Data Protection Regulation (EU GDPR), ePrivacy Directive, and the EU-U.S. Privacy Shield; COPPA; HIPAA/HITECH; CAN-SPAM; Telephone Consumer Protection Act (TCPA); and PCI DSS
  • Negotiating cloud services agreements, data processing agreements, data transfer agreements (including for cross-border transfers), development agreements, and data use agreements
  • Drafting website and app privacy policies, cookie policies, terms of use agreements, software license agreements, and API license agreements 
  • Counseling on legal issues arising from technology adoption and development, including open source software licensing 
  • Developing internal privacy and data security policies and procedures, and incident response plans 

Steve is a Certified Information Privacy Professional for Europe (CIPP/E) and the United States (CIPP/US). Before joining Polsinelli, he worked for a boutique privacy and information governance law firm, where he assisted multinational corporations in preparing for the EU GDPR and in addressing other emerging privacy and data security challenges. On the information governance side, he helped clients with defensible disposition of legacy data (including sensitive information), data mapping, data classification, and selection of enterprise content management technology.

eAlerts Updates
July 17, 2020
eAlerts Updates
July 2, 2020
Publications & Presentations
GDPR For Healthcare – Part 2
Presenter, Greater KC Society of Healthcare Attorneys, Kansas City, MO
October 16, 2019
eAlerts Updates
October 4, 2019
Publications & Presentations
GDPR Update
Presenter, National Nuclear Security Association’s General Counsel Conference, Kansas City, MO
September 4, 2019
Publications & Presentations
August 8, 2019
Publications & Presentations
Information Security: Lessons Learned from Recent Data Breaches and Enforcement Actions
Co-Presenter, Technology 2030 Conference, St. Louis, MO
March 21, 2019
eAlerts Updates
November 2018
Publications & Presentations
GDPR For Healthcare
Presenter, Greater KC Society of Healthcare Attorneys, Kansas City, MO
November 28, 2018
eAlerts Updates
October 2018