Matt Kalmick, JD
Certified Information Privacy Professional (CIPP)

Privacy & Compliance professional in Chicago.

Previously

Industries

AI
Banking
Cannabis
Financial Services
Privacy
SaaS

Services

Advisory

Expert guidance on operational plans, product strategy, regulatory response, and more to minimize risk and identify the most efficient path to compliance.

Audit Management

Assessment and resolution of regulatory agency deficiencies, including corrective action plans and response strategy.

Compliance Audits

Mock compliance audits with corrective action and remediation plans, plus custom audit templates for ongoing internal reviews.

Compliance Trainings

Best-practice compliance training, with options for custom or refreshed materials to keep your team current with the evolving regulatory landscape.

Corporate Policies

Development of essential policies — Code of Ethics, Anti-Bribery, Conflicts, Privacy, Data Protection, and more — to keep your organization operating within ethical and regulatory boundaries.

Licensing, Applications, Permits

Support with state and local licensing applications, representation at hearings, and establishment of a licensing management program for long-term success.

Social Equity/CSR Planning

Development of CSR programs for cannabis companies, including CSR plans, energy and environmental sustainability strategies, and community impact initiatives.

SOP Development

Collaborative process documentation with operations and business teams to ensure organizational goals are met efficiently and compliantly.

Writing

Latest Posts

Third-Party Risk Management: The Compliance Gap Many Organizations Overlook
March 9, 2026

Third-Party Risk Management: The Compliance Gap Many Organizations Overlook

Third-party risk management is one of the most foundational elements of a mature compliance program and one of the most commonly underdeveloped. Organizations spend significant resources building internal policies, training employees, and preparing for audits, then extend access, data, and operational dependencies to third-party vendors without applying anything close to the same rigor. Regulators have noticed.

Read Post
The EU AI Act Is Here: What U.S. Compliance Professionals Should Know
January 21, 2026

The EU AI Act Is Here: What U.S. Compliance Professionals Should Know

The EU's landmark AI regulation carries broad extraterritorial reach that can pull American businesses into scope. With August 2026 bringing the most significant compliance obligations for high-risk AI systems, here's what U.S. compliance professionals need to know now.

Read Post
AI Governance Preparedness: Practical First Steps for any Organization
September 16, 2025

AI Governance Preparedness: Practical First Steps for any Organization

As artificial intelligence continues to reshape the workplace, organizations across industries face a new frontier of risk management. And unlike some other compliance areas that evolved over decades, AI regulation is developing at breakneck speed.

Read Post

About

Matt Kalmick, JD, CIPP/US

I'm a strategic and collaborative leader passionate about building compliance programs that reduce risk and remove regulatory barriers.

From financial services to FinTech and SaaS to cannabis, I have been managing risk and compliance in highly-regulated environments for the last 15 years.

I received my Juris Doctor from Boston College Law School, my Bachelor's Degree from Drew University, and my Certified International Privacy Professional (CIPP) certification from the International Association of Privacy Professionals (IAPP).

Matt Kalmick

Let's connect

Whether you need help with a specific compliance project or want to discuss long-term strategy, I'm here to help.