Internship Location: Chicago IL
Organization Type: Private Sector
Policy Areas: Privacy and data protection, technology and AI governance, corporate compliance and risk management, cybersecurity
I interned in the privacy and cybersecurity practice at Grant Thornton, where I got to work on three different but overlapping projects that gave me a lot of insight into how privacy, AI, and risk management are handled in real life settings. What I learned is how much thought goes into building scalable compliance tools, especially with evolving regulations. I worked on a client project where we consolidated several Privacy Risk Assessment (PRA) forms into one version using OneTrust, a privacy management platform. We implemented conditional logic so the form could adjust to the user’s role and jurisdiction, which was cool to build out. I also was part of a group intern project on LLM safety and validation to understand bias testing more clearly. We created a recipe cookbook of bias testing methods companies can use within a platform called Project Moonshot. Then, for my individual project, I designed a PRA tailored to LLM use cases and risks and built it out fully in OneTust, using conditional logic to guide user responses. The skills I’ve been learning at La Follette, especially around policy analysis, regulatory design, and ethical implications within technology, helped me understand the bigger picture of what we were doing. I was able to connect client requests to larger public policy issues, like the need for stronger AI governance frameworks and privacy protections that account for cross-border data flows. What surprised me was how collaborative everything was. Even though I worked independently a lot, I was constantly meeting with associates, managers, and even partners who were all open to answering questions and giving me feedback. It was really empowering to be trusted with work that would be shared directly with clients or used in future demos.The most valuable part of the experience was the opportunity to blend technical tools like OneTrust with policy thinking. It’s one thing to learn about privacy law in the classroom, but another to build an actual risk assessment tool that a company might use to assess it’s AI systems. That hands-on experience was interesting to see. I would definitely recommend this internship to other students, especially those interested in tech, law, or corporate compliance. It gives a unique mix of policy research, client work, and tool-building that I don’t think is offered at every internship. It also helped me think more clearly about my future as a lawyer. I realized I’m really drawn to technology and ethics, I can see myself working in privacy law or even tech policy litigation, basically anything that involves shaping how the law responds to emerging risks and protects people’s rights in the digital space.