Kari Prochaska is an associate in the Communications & Media Department. Kari’s practice focuses on privacy and cybersecurity, advising clients on various domestic and international privacy and cybersecurity laws and regulations, including the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), the NYDFS Cybersecurity Regulation, and the Gramm-Leach-Bliley Act (GLBA). Additionally, Kari counsels clients on enterprise-wide compliance for industry standards, such as the Payment Card Industry Data Security Standard (PCI DSS). In response to the ever-evolving legal and regulatory landscape, Kari monitors and advises clients on how privacy and data security legislative and regulatory developments may impact their business practices.

Kari has significant experience counseling clients regarding the implementation of GDPR and CCPA compliance programs, including advising on data mapping, data subject request procedures, internal- and external-facing policies, and cross-border data transfer mechanisms. She regularly drafts and negotiates both data processing agreements and privacy and data security provisions in service provider agreements. She counsels clients on privacy and data security deficiencies and remediation in legacy customer and vendor contracts.

Kari frequently conducts privacy and cybersecurity-related diligence for numerous corporate transactions for companies across a wide range of industries, including telecommunications, financial services, manufacturing, e-commerce, and healthcare. She advises clients regarding the compliance posture of target companies and proactively assists in developing post-closing integration strategies.

Kari regularly assists clients responding to data security incidents by helping clients navigate the regulatory and legal landscape through the investigation and notification stages, particularly with respect to international data breach notification obligations, the preparation of required notifications pursuant to state breach notification laws, and development of media strategies. She has prepared data security-readiness solutions for clients by drafting incident response plans and legal playbooks. In addition, Kari counsels clients on cyber risk management, drafts cybersecurity policies, and performs cybersecurity gap and risk assessments.

Kari is both a Certified Information Privacy Professional/United States (CIPP/US) and a Certified Information Privacy Professional/Europe (CIPP/E) through the International Association of Privacy Professionals (IAPP).

Continue Reading


Prior to joining Willkie, Kari was an associate at another major law firm.

  • Best Lawyers: Ones to Watch
    • Mergers and Acquisitions Law (2023-2024)
    • Corporate Law (2023-2024)



University of Iowa College of Law, J.D., 1998 University of Iowa, B.A. (cum laude), 1994

Bar Admissions


Court Admissions

United States District Court, Northern District of Illinois