Kate Lucente

Kate Lucente


Kate Lucente’s practice focuses on privacy, cyber security and data governance.

Kate has extensive experience counselling clients in the technology, automotive, communications, AdTech, retail and financial industries. In her practice, Kate counsel’s clients on a broad range of privacy compliance data governance matters, including data governance programs, compliance with US and global privacy laws, risk management and data strategy, compliance assessments, incident response and preparedness, privacy litigation risks, cross-border data flows, AI and machine learning, telematics, biometrics and identity verification, consumer health data, and analytics, advertising and marketing.  Kate also represents clients in responding to state and federal privacy enforcement matters and managing privacy litigation risks. 

Kate’s practice focuses on:

  • Privacy and data governance programs
  • Maturity, risk and compliance assessments
  • Global compliance advice covering a broad range of issues including advertising and marketing, use of AI, cross-border data transfers, vendor management, employee monitoring, records management, whistleblower programs, and cyber and incident response
  • Ongoing management of global privacy compliance programs 
  • Management of privacy litigation risks
  • Data strategy and risk management
  • Incident response, including notification and post-incident liability   
  • Monitoring and responding to global privacy developments and legislative changes
  • Compliance with U.S. federal privacy laws and regulations, including CAN-SPAM, TCPA, COPPA, GLBA, ECPA and the CLOUD Act
  • Compliance with U.S. state privacy laws and regulations, including:
    • The CCPA/CPRA and other comprehensive or “omnibus” state consumer privacy laws
    • BIPA and biometrics privacy laws and requirements
    • The Washington My Health My Data Act and state consumer health privacy laws
    • California Invasion of Privacy Act (CIPA) and state wiretapping and monitoring laws
    • The California Age-Appropriate Design Code Act and children’s online privacy laws
    • Location tracking and vehicle event data recorders (EDRs) 
  • Industry self-regulatory programs, including:
    • The Digital Advertising Alliance (DAA) self-regulatory principles
    • The Alliance for Automotive Innovation (Auto Innovators) Consumer Privacy Protection Principles for Vehicle Technologies and Services 
  • Product counseling and reviews, including privacy impact assessments, strategy and risk mitigation, and design and implementation of privacy controls and supporting UX/UI
  • Risk analysis, strategic advice, and implementation related to global expansions and post-merger integrations
    As part of her practice, Kate also regularly:
  • Represents clients in responding to privacy-related civil investigative demands (CIDs) and other inquiries from the FTC, state attorneys general, and other regulatory agencies
  • Advises major automotive OEMs on compliance with US federal and state privacy laws and industry self-regulatory principles
  • Advises major retailers, ecommerce sites and social media platforms on global expansion matters including privacy, ecommerce, consumer protection, advertising and marketing.
  • Oversees privacy due diligence reviews and advises on privacy risks and liabilities related to acquisitions, asset sales and related corporate transactions.
  • Negotiates privacy and security terms and agreements.
  • Drafts and advises on the implementation privacy notices and internal and external privacy policies and procedures.
  • Provides policy-related advocacy and guidance to clients regarding proposed privacy and security laws and legislative trends.

In addition to her J.D., Kate also holds a M.A. in Mass Communications Law from the University of Florida, where she concentrated her graduate work and thesis on information privacy laws.

Kate is also the co-editor (2011 - present) of the DLA Piper Laws of the World Handbook, which provides an overview of data protection laws in more than 90 jurisdictions worldwide.

Bar admissionsFloridaWashington
CourtsUnited States Court of Appeals for the Eleventh CircuitUnited States District Court for the Middle District of FloridaUnited States District Court for the Southern District of Florida
  • J.D., University of Florida College of Law
  • M.A., Privacy and Mass Communications Law, University of Florida
  • B.S., Communications, University of North Florida


  • The Legal 500 United States
    • Recommended, Media, Technology, and Telecoms Cyber Law (including Data Privacy and Data Protection) (2021)


  • Co-Editor, "DLA Piper Data Protection Laws of the World Handbook," 2011-present
  • "Perspectives: One law firm's take on the new draft CCPA regulations," IAPP, 11 Oct 2019
  • The government in your cloud, 24 July 2019
  • "The Internet of Things: EU vs US guidance," 9 Jun 2015
  • "Data privacy law: the top global developments in 2018 and what 2019 may bring," 28 Jan 2019
  • "New York State releases cybersecurity, report on insurance industry, will assess New York-regulated Insurers' cybersecurity," 11 Feb 2015
  • Co-author, "Recent Developments Affecting Corporate Counsel," Tort Trial and Insurance Practice Law Journal, Fall 2013 (48:1)


  • Speaker, Workshop: Privacy and Information Security: Getting your House in Order for 2024 and Beyond, National Association of Women’s Lawyers (NAWL), General Counsel Institute, November 9, 2023
  • Speaker, California Consumer Privacy Act and AdTech, September 17, 2019 (Webinar)
  • Speaker, The California Consumer Privacy Act and your cloud architecture, May 8, 2019 (Webinar)
  • Speaker, IAPP Webinar: How to Modify Your GDPR SAR Practices for the CCPA, March 21, 2019 (Webinar)
  • Speaker, Operationalizing CCPA, Jan 16, 2019 (Webinar)
  • Speaker, Bloomberg BNA webinar: Data Regulations Have Changed: Are You Ready?, Nov.
  • Speaker, California Consumer Privacy Act and GDPR – how do they differ?, November 18, 2018 (Webinar)
  • Speaker, Privacy Laws are Changing – are you ready?, PaymentsEd Forum (Boston), 6 Aug 2018
  • Speaker, Biometrics Privacy Laws and Trends, IAPP KnowlegeNet, Scottsdale, AZ, March 28, 2017
  • Speaker, DLA Piper’s Privacy Talks Series: Update on Privacy Shield, Sept. 22, 2016 (Webinar)
  • Speaker, Cross-Border Issues – Proactive and Reactive Tips, eDiscovery Forum, Oct. 6, 2016
  • Speaker, From Safe Harbor to Privacy Shield – What Now? Webinar
  • Speaker, GDPR: Are You Ready?, Seattle, San Francisco, Palo Alto, June 15-17, 2016
  • Speaker, Key Data Privacy and Security Issues for Companies of All Sizes, May 2016
  • Speaker, Privacy Talks Series - Update on Privacy Shield, Webinar, Sep 2016
  • Speaker, From Safe Harbor to Privacy Shield: what now? Webinar; July 2016

Media Mentions

  • "Industry Plays Whack-a-Mole to Fight Slew of State Privacy Bills," Advertising Age, February 16, 2017
  • “How data privacy practices could make or break the sale of your company,” GeekWire, Dec. 21, 2016
  • “Privacy Laws: How the US, EU and others protect IoT data (or don't),” ZDNet, March 7, 2016
  • “IoT Security Begins with Risk Assessment,” eSecurity Planet,” May 9, 2016

Prior Experience

Prior to her legal career, Kate worked for several years in the financial services and communications industries.

Memberships And Affiliations

  • International Association of Privacy Professionals
  • Women in Privacy
  • American Bar Association
  • Chief