Should kids be on social media? At what age? Should parents monitor their conversations on those platforms? Do parental controls work? These are questions facing many parents and guardians, especially with the increasing use of social media platforms by kids and teens. The Pew Research Center reported that 58% of teens are daily users of
Kathryn Rattigan
Kathryn Rattigan is a member of the Business Litigation Group and the Data Privacy+ Cybersecurity Team. She concentrates her practice on privacy and security compliance under both state and federal regulations and advising clients on website and mobile app privacy and security compliance. Kathryn helps clients review, revise and implement necessary policies and procedures under the Health Insurance Portability and Accountability Act (HIPAA). She also provides clients with the information needed to effectively and efficiently handle potential and confirmed data breaches while providing insight into federal regulations and requirements for notification and an assessment under state breach notification laws. Prior to joining the firm, Kathryn was an associate at Nixon Peabody. She earned her J.D., cum laude, from Roger Williams University School of Law and her B.A., magna cum laude, from Stonehill College. She is admitted to practice law in Massachusetts and Rhode Island. Read her full rc.com bio here.
Labor Union Faces Class Action for Data Breach
A class action complaint was filed against the International Brotherhood of Electrical Workers (IBEW) labor union for a data breach that occurred between March 31 and April 5, 2024. IBEW represents individuals who work in a wide variety of fields, including utilities, construction, telecommunications, broadcasting, manufacturing, railroads, and government. The security incident resulted in unauthorized…
Department of Defense’s Proposed Amendment to DFARS for Inclusion of Cybersecurity Maturity Model Certification in Contracts
Last week, the U.S. Department of Defense (DoD) released a proposed amendment to the Defense Acquisition Regulations Supplement (DFARS) that would require a Cybersecurity Maturity Model Certification (CMMC) program to become a required part of the DoD’s contracting process. The CMMC program is a DoD program that helps businesses meet security requirements for their work…
Biometric Data Collection Leads to Class Action Lawsuit under Illinois Privacy Law
Candid Color Systems Inc., based in Oklahoma, faces a class action lawsuit for its alleged violations of the Illinois Biometric Information Privacy Act (BIPA). Candid Colors offers marketing services to photographers, including photo-matching technology that allows consumers to identify all of the photos taken of a particular student at a graduation ceremony.
The complaint, filed…
Texas AG Sues General Motors for Illegal Data Collection
This week, Ken Paxton, the Texas Attorney General, filed suit against General Motors for alleged violations of the Texas Deceptive Trade Practices Act in collecting and selling drivers’ data to insurers without consumer consent.
In June, the Attorney General’s office announced an investigation into several car manufacturers for alleged collection of mass amounts of data…
New York Attorney General Issues Website Tracking Guidelines for Businesses and Consumers
This week, the New York Attorney General issued two privacy guides—one for businesses and one for consumers—outlining online tracking and privacy controls for websites and browsers.
The investigation found that many websites’ consent-management tools failed to transmit opt-out signals to their tag-management tool, which is used to simplify tag management. This results in the…
Illinois Biometric Information Privacy Act Amendment May Make Waves in Litigation Trends
Last week, Illinois Governor JB Pritzker signed S.B. 2979 to amend the Biometric Information Privacy Act (BIPA) immediately to define the repeated collection of the same biometric data without consent as a SINGLE, COLLECTIVE violation of the Act–this is a significant change. The precedent set by the Illinois Supreme Court in February 2023 in Cothron…
Colorado’s First of its Kind Consumer Protections for Artificial Intelligence
On May 17, 2024, Colorado Governor Jared Polis signed, “with reservations,” Senate Bill 42-205, “Concerning Consumer Protections in Interactions with Artificial Intelligence Systems” (the Act). The first of its kind in the United States, the Act takes effect on February 1, 2026, and requires artificial intelligence (AI) developers, and businesses that use high-risk AI systems…
David’s Bridal Hit with Class Actions Over Two Data Breaches
This week, two class actions were filed in the U.S. District Court for the Eastern District of Pennsylvania against David’s Bridal based on two data breaches. The actions allege that David’s Bridal failed to protect the personal information of employees and customers.
In January 2024, David’s Bridal suffered a ransomware attack instigated by ransomware group…
Tracfone Settles FCC Investigation for $16 Million
This week, the Federal Communications Commission (FCC) announced a settlement with TracFone Wireless to resolve investigations into whether TracFone failed to reasonably protect its customers’ information from unauthorized access in connection with three data breaches.
The breaches occurred between January 2021 and January 2023. Each of these data breaches involved the exploitation of application programming…