• vcard
  • Education
    • J.D., Order of the Coif, University of Kansas School of Law, 2013, Business and Commercial Law Certificate, Advocacy Certificate; Articles Editor for Kansas Law Review
    • B.A., summa cum laude, Creighton University, 2010, Computer Science, Philosophy
With a background in computer programming, Steven Hengeli takes a problem-solving approach to privacy, data security, and technology transactions. He aims to provide practical legal advice, taking into consideration not only the legal risks involved, but the business impact. Steve uses his technology background to assist clients in the software, Internet-of-Things, and medical device industries build privacy and security into their products. 

Steve helps clients in a variety of industries by: 
  • Conducting comprehensive privacy and data security risk assessments, and providing prioritized remediation recommendations 
  • Counseling on compliance with variety of U.S. and international privacy and data security laws, regulations, standards, and frameworks, including the EU General Data Protection Regulation (EU GDPR), ePrivacy Directive, and the EU-U.S. Privacy Shield; COPPA; HIPAA/HITECH; CAN-SPAM; TCPA; and PCI DSS 
  • Negotiating data processing agreements, data transfer agreements (including for cross-border transfers), and cloud service agreements 
  • Drafting website and app privacy policies, cookie policies, terms of use agreements, software license agreements, and API license agreements 
  • Counseling on legal issues arising from technology adoption and development, including open source software licensing 
  • Developing internal privacy and data security policies and procedures, and incident response plans 

Steve is a Certified Information Privacy Professional for Europe (CIPP/E). Before joining Polsinelli, he worked for a boutique privacy and information governance law firm, where he assisted multinational corporations in preparing for the EU GDPR and in addressing other emerging privacy and data security challenges. On the information governance side, he helped clients with defensible disposition of legacy data (including sensitive information), data mapping, data classification, and selection of enterprise content management technology.
eAlerts Updates
October 4, 2019
text icon Publications & Presentations
August 8, 2019
eAlerts Updates
November 2018
eAlerts Updates
October 2018
eAlerts Updates
June 2018
text icon Publications & Presentations
Issues Up Close: Cyber Security
Co-Panelist, Centurions Organization at the Cerner Innovations Campus
January 23, 2018
text icon Publications & Presentations
Polsinelli on Privacy Blog
November 2, 2017
text icon Publications & Presentations
Recent Developments in State and Federal Privacy and Security Laws and Regulations
Co-Presenter, Association of Corporate Counsel Mid-America Chapter; Omaha, NE
April 12, 2017
text icon Publications & Presentations
Inviting Legal to the BYOD Party
Co-Presenter, Douglas County Bar Association; Lawrence, KS
August 18, 2016
text icon Publications & Presentations
No HIPAA, No Problem? Not Necessarily. State Law Privacy and Security Challenges for Consumer Health Devices
Co-Author; The Data & Security Dispatch, Vol. 2, No. 1
May 2016