Kate Lucente’s practice focuses on privacy, cyber security and data governance.
Kate has extensive experience counselling clients in the technology, automotive, communications, AdTech, retail and financial industries. In her practice, Kate counsel’s clients on a broad range of privacy compliance data governance matters, including data governance programs, compliance with US and global privacy laws, risk management and data strategy, compliance assessments, incident response and preparedness, privacy litigation risks, cross-border data flows, AI and machine learning, telematics, biometrics and identity verification, consumer health data, and analytics, advertising and marketing. Kate also represents clients in responding to state and federal privacy enforcement matters and managing privacy litigation risks.
Kate’s practice focuses on:
- Privacy and data governance programs
- Maturity, risk and compliance assessments
- Global compliance advice covering a broad range of issues including advertising and marketing, use of AI, cross-border data transfers, vendor management, employee monitoring, records management, whistleblower programs, and cyber and incident response
- Ongoing management of global privacy compliance programs
- Management of privacy litigation risks
- Data strategy and risk management
- Incident response, including notification and post-incident liability
- Monitoring and responding to global privacy developments and legislative changes
- Compliance with U.S. federal privacy laws and regulations, including CAN-SPAM, TCPA, COPPA, GLBA, ECPA and the CLOUD Act
- Compliance with U.S. state privacy laws and regulations, including:
- The CCPA/CPRA and other comprehensive or “omnibus” state consumer privacy laws
- BIPA and biometrics privacy laws and requirements
- The Washington My Health My Data Act and state consumer health privacy laws
- California Invasion of Privacy Act (CIPA) and state wiretapping and monitoring laws
- The California Age-Appropriate Design Code Act and children’s online privacy laws
- Location tracking and vehicle event data recorders (EDRs)
- Industry self-regulatory programs, including:
- The Digital Advertising Alliance (DAA) self-regulatory principles
- The Alliance for Automotive Innovation (Auto Innovators) Consumer Privacy Protection Principles for Vehicle Technologies and Services
- Product counseling and reviews, including privacy impact assessments, strategy and risk mitigation, and design and implementation of privacy controls and supporting UX/UI
- Risk analysis, strategic advice, and implementation related to global expansions and post-merger integrations
As part of her practice, Kate also regularly:
- Represents clients in responding to privacy-related civil investigative demands (CIDs) and other inquiries from the FTC, state attorneys general, and other regulatory agencies
- Advises major automotive OEMs on compliance with US federal and state privacy laws and industry self-regulatory principles
- Advises major retailers, ecommerce sites and social media platforms on global expansion matters including privacy, ecommerce, consumer protection, advertising and marketing.
- Oversees privacy due diligence reviews and advises on privacy risks and liabilities related to acquisitions, asset sales and related corporate transactions.
- Negotiates privacy and security terms and agreements.
- Drafts and advises on the implementation privacy notices and internal and external privacy policies and procedures.
- Provides policy-related advocacy and guidance to clients regarding proposed privacy and security laws and legislative trends.
In addition to her J.D., Kate also holds a M.A. in Mass Communications Law from the University of Florida, where she concentrated her graduate work and thesis on information privacy laws.
Kate is also the co-editor (2011 - present) of the DLA Piper Laws of the World Handbook, which provides an overview of data protection laws in more than 90 jurisdictions worldwide.