Kristen N. Ricci is a data privacy and cybersecurity attorney in Holland & Knight's Philadelphia office. Ms. Ricci leverages her experience to provide legal guidance on a wide array of counseling, transactional and incident response matters.

Ms. Ricci provides pragmatic, tailored and actionable advice across the following areas:

  • Counseling. Ms. Ricci advises clients on federal, state and international privacy laws, including the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA), Virginia Consumer Data Protection Act (VCDPA), Colorado Privacy Act (CPA), New York SHIELD Act, Gramm-Leach-Bliley Act (GLBA), Health Insurance Portability and Accountability Act (HIPAA), the Children's Online Privacy Protection Act (COPPA) and the Telephone Consumer Protection Act (TCPA).
  • Incident Response. Ms. Ricci has counseled hundreds of clients in responding to a variety of data breaches, including phishing incidents, ransomware, insider threats and state-sponsored network intrusions. She also counsels clients on regulatory and state attorney general investigations.
  • Transactions. Ms. Ricci advises clients on technology and data privacy agreements, such as software as a service (SaaS) agreements, data protection agreements and data use agreements. Additionally, she assists clients in the development of emerging technologies, including advertising technology (AdTech) and artificial intelligence (AI).
  • Mergers and Acquisitions. Ms. Ricci counsels clients on privacy and security risks in merger, acquisition and divestiture transactions.

Ms. Ricci is an International Association of Privacy Professionals (IAPP) Certified Information Privacy Professional/United States (CIPP/US). She has also received training on industry frameworks, such as the National Institute of Standards and Technology (NIST) Cybersecurity Framework.

Prior to joining Holland & Knight, Ms. Ricci was an associate at a boutique cybersecurity firm and an attorney at a national law firm in its Philadelphia office. During law school, Ms. Ricci was an honors legal intern at the U.S. Securities and Exchange Commission (SEC), where she focused on regulatory compliance and internal investigations.

Representative Experience

  • Represented a politician's nonprofit organization in connection with a suspected nation-state cyberattack
  • Represented a national restaurant chain in its investigation of – and remediation of – payment terminal skimmers
  • Represented a pharmaceutical company in connection with the theft of trade secrets and protected health information (PHI) by a former employee
  • Represented a blockchain software provider in an extortion attempt by cybercriminals
  • Represented a school district in connection with a ransomware attack and subsequent ransom demand negotiation
  • Represented an airport authority in connection with the theft of employee personal information
  • Represented an international manufacturing company in connection with a wire transfer scheme
  • Represented a national real estate company in connection with a business email compromise and subsequent regulatory investigation
  • Represented a national global logistics provider in connection with the inadvertent disclosure of customer personal information
  • Represented an international luxury car manufacturer in connection with a phishing attack

  • Developed privacy programs for entities across all sectors, including finance, real estate, healthcare, cannabis, retail and ecommerce
  • Prepared Health Insurance Portability and Accountability Act (HIPAA) policies and procedures for digital health providers and hospitals
  • Established an information security program for a nonprofit providing safe passage, repatriation, and resettlement to Americans and Afghan allies
  • Advised on privacy issues affecting international clients, including cross-border data transfers and data protection impact assessments
  • Represented clients in the establishment of digital health services offerings, including telehealth counseling services
  • Advised clients on written information security policies addressing information governance and cybersecurity risk management
  • Assisted an insurance company in its development of artificial intelligence technology involving the use of consumer biometrics
  • Advised a startup company on global privacy laws for child-facing educational apps and online services
  • Conducted merger and acquisition due diligence for acquisition of an e-gaming company
  • Counseled an online casino on geolocation issues 
  • Developed a marketing program for a lead generation company
  • Assisted an analytics provider on development of advertising technology (AdTech)


  • University of Maryland School of Law, J.D.
  • Frostburg State University, B.S., Psychology, cum laude
Bar Admissions/Licenses
  • New Jersey
  • Pennsylvania


Speaking Engagements