Lisa Acevedo brings nearly two decades of deep experience in privacy and security to provide clients with business-focused compliance strategies to maximize the benefits of personal data while minimizing and responding to ever-changing threats and risks. As the chair of Polsinelli’s Health Information Privacy and Security team, Lisa provides strategic counsel in the areas of federal privacy laws and regulations, including HIPAA, the Confidentiality of Alcohol and Drug Use Treatment Records (42 CFR Part 2), as well as state laws governing the confidentiality of personal information, health information, mental health records, and records containing other highly sensitive information. She also advises multi- national health-care companies with international data protection laws that impact their use and transfer of health and other personal data, including the EU General Data Protection Regulation and privacy laws and regulations in Canada, the Asia Pacific and Latin America regions.
Lisa assists clients in developing, implementing, and updating their privacy and security compliance programs. She advises clients on a range of issues including compliance with the various federal and international data protection laws that are implicated by their digital transformation strategies. She guides clients through data protection issues implicated by data sharing arrangements, including for research and quality of care purposes, and guides them through critical transactions, such as structuring complex strategic alliances involving data.
Lisa counsels clients through data security incidents and breaches. She has assisted clients in responding to breaches, including those involving phishing attacks and other malware, theft and vendor breaches, involving hundreds of thousands of affected patients. She has also successfully guided clients through Office for Civil Rights and state agency investigations resulting in closure of those investigations with no fines or penalties.
Lisa is well-respected at Polsinelli as a team-builder and mentor. She has mentored several young women, including two who have recently been elevated from associate to shareholder.
Lisa earned the designation of Certified Information Privacy Professional-U.S. (CIPP/US) through the International Association of Privacy Professionals (IAPP). She also earned the designation of Certified Information Privacy Professional- Europe (CIPP/E) through IAPP. Lisa has devoted significant time over the years to sharing her knowledge with others and has written a number of articles and papers on data privacy issues. She has also presented on privacy and security topics at national conferences.
Lisa is currently a member of the DePaul University College of Law Dean’s Advisory Council. She was a 2019 recipient of the DePaul University College of Law, DePaul Law Review Sapientia Award, which is presented each year to a deserving and distinguished alum of the DePaul Law Review. Lisa has previously served as the vice chair of the Healthcare Technology Committee within the American Bar Association’s Section of Science and Technology Law. She has also previously served as chair of the Latina Lawyers Committee of the Hispanic Lawyers Association of Illinois.