Overview
Kristen N. Ricci is a data privacy and cybersecurity attorney in Holland & Knight's Philadelphia office. Ms. Ricci helps clients navigate the complex and evolving web of privacy laws to develop practical, risk-adjusted solutions that enable innovation and growth.
Ms. Ricci advises organizations across industries, with particular experience in the telecommunications and entertainment industries, financial services, digital health and emerging companies. Ms. Ricci combines legal precision with a strategic understanding of technology and business operations to design defensible and forward-looking privacy programs that balance regulatory obligations with commercial objectives.
Ms. Ricci also has experience helping hundreds of clients navigate complex cybersecurity incidents, including ransomware, insider threats and state-sponsored intrusions. She also works closely with clients on proactive cyber risk management, conducting tabletop exercises and building resilience before incidents occur.
Ms. Ricci's practice also includes:
- providing strategic counsel to clients on complex children's privacy issues, including compliance with the Children's Online Privacy Protection Act (COPPA), age-assurance laws and age-appropriate design codes
- partnering with clients to develop innovative and compliant technologies, products and services
- advising clients on advertising technology (AdTech) initiatives, with a focus on healthcare and other highly regulated industries
- helping clients develop compliant marketing campaigns, with extensive knowledge and experience with the Telephone Consumer Protection Act (TCPA) and 10-digit long code (10DLC) compliance
- helping clients shape the privacy landscape by developing legislative and policy positions on emerging data issues, including children's privacy
- drafting and negotiating of a wide range of privacy-related contracts, including data processing addenda and data use agreements
- counseling clients on privacy and security risks in merger, acquisition and divestiture transactions
Ms. Ricci is an International Association of Privacy Professionals (IAPP) Certified Information Privacy Professional/United States (CIPP/US). She has also received training on industry frameworks, such as the National Institute of Standards and Technology (NIST) Cybersecurity Framework.
Prior to joining Holland & Knight, Ms. Ricci was an associate at a boutique cybersecurity firm and an attorney at a national law firm in its Philadelphia office. While in law school, Ms. Ricci was an honors legal intern at the U.S. Securities and Exchange Commission (SEC), where she focused on regulatory compliance and internal investigations.
Representative Experience
- Completed a secondment at one of the largest investment banks in the world, where she was responsible for privacy counseling and incident response matters
- Completed a secondment at a Fortune 50 telecommunications company, where she was responsible for advancing the company's privacy program
- Completed a secondment at a sports and entertainment company, where she was responsible for developing the company's privacy program
- Represented a politician's nonprofit organization in connection with a suspected nation-state cyberattack
- Represented a national restaurant chain in its investigation of – and remediation of – payment terminal skimmers
- Represented a pharmaceutical company in connection with the theft of trade secrets and protected health information (PHI) by a former employee
- Represented a blockchain software provider in an extortion attempt by cybercriminals
- Represented a school district in connection with a ransomware attack and subsequent ransom demand negotiation
- Represented an airport authority in connection with the theft of employee personal information
- Represented an international manufacturing company in connection with a wire transfer scheme
- Represented a national real estate company in connection with a business email compromise and subsequent regulatory investigation
- Represented a national global logistics provider in connection with the inadvertent disclosure of customer personal information
- Represented an international luxury car manufacturer in connection with a phishing attack
- Developed privacy programs for entities across all sectors, including finance, real estate, healthcare, cannabis, retail and ecommerce
- Prepared Health Insurance Portability and Accountability Act (HIPAA) policies and procedures for digital health providers and hospitals
- Established an information security program for a nonprofit providing safe passage, repatriation and resettlement to Americans and Afghan allies
- Advised on privacy issues affecting international clients, including cross-border data transfers and data protection impact assessments
- Represented clients in the establishment of digital health services offerings, including telehealth counseling services
- Advised clients on written information security policies addressing information governance and cybersecurity risk management
- Assisted an insurance company in its development of artificial intelligence (AI) technology involving the use of consumer biometrics
- Advised a startup company on global privacy laws for child-facing educational apps and online services
- Conducted merger and acquisition (M&A) due diligence for acquisition of an e-gaming company
- Counseled an online casino on geolocation issues
- Developed a marketing program for a lead generation company
- Assisted an analytics provider on development of advertising technology (AdTech)
Credentials
- University of Maryland School of Law, J.D.
- Frostburg State University, B.S., Psychology, cum laude
- New Jersey
- Pennsylvania