Karen Lee Lust Photo

Karen’s Data Privacy & Data Security practice involves advising clients across jurisdictions regarding cross-border transfer and information governance issues arising in the US and EU. Karen has also advised regarding GDPR compliance, including structuring and implementing processes and GDPR programs, as well as preparing for and undertaking GDPR audits. Karen counsels clients with regard to best practices and company policies dealing with processing and transfer of personal data of employees and customers, as well as preparing for and responding to data breaches. Karen is CIPP/E certified under the IAPP certification scheme for privacy professionals with regard to European data privacy laws. Representative experience includes:

  • Advising a large medical device manufacturer, with attention to protected health information issues
  • Addressing a data breach by a military defense contractor of multi-jurisdictional employee information
  • Counseling a large international banking conglomerate regarding remediation and retention requirements addressing voluminous hard copy and electronic data, including sensitive personal customer and employee information across multiple jurisdictions


  • University of Illinois College of Law, 2009, J.D., cum laude, Illinois Business Law Journal - Editor-in-Chief; Paul Law Scholarship Recipient
  • University of Maryland, 2004, B.S., International Business

  • Pennsylvania
  • District of Columbia

  • U.S. District Court - Western District of Pennsylvania

  • E-Discovery RoundTable of DC (Co-Founder)
  • APABA-DC - Asian Pacific American Bar Association of DC
  • Allegheny County Bar Association
  • American Bar Association
  • Pennsylvania Bar Association

Civic and Charitable Affiliations

  • Law School Diversity Council Mentorship Program
  • Pittsburgh Public Schools’ Be A 6th Grade Mentor Initiative by the United Way