Photo of Kathryn Rattigan

Kathryn Rattigan is a member of the Business Litigation Group and the Data Privacy and Security Team. She concentrates her practice on privacy and security compliance under both state and federal regulations and advising clients on website and mobile app privacy and security compliance. Kathryn helps clients review, revise and implement necessary policies and procedures under the Health Insurance Portability and Accountability Act (HIPAA). She also provides clients with the information needed to effectively and efficiently handle potential and confirmed data breaches while providing insight into federal regulations and requirements for notification and an assessment under state breach notification laws. Prior to joining the firm, Kathryn was an associate at Nixon Peabody. She earned her J.D., cum laude, from Roger Williams University School of Law and her B.A., magna cum laude, from Stonehill College. She is admitted to practice law in Massachusetts and Rhode Island. Read her full rc.com bio here.

This week, Delaware Governor John Carney signed the Delaware Personal Data Privacy Act into law. The bill goes into effect on January 1, 2025, and a public outreach effort will begin by July 1, 2024. The outreach effort will inform Delaware consumers of their rights under the new law and describe businesses’ obligations. Delaware is

This week the Federal Aviation Administration (FAA) announced that drone pilots who are unable to comply with the Remote ID Rule broadcast requirement will have until March 16, 2024, to equip their drone appropriately. If a drone pilot fails to comply with this requirement after this extended deadline, the pilot could be subject to fines

On September 8, 2023, the California Privacy Protection Agency (CPPA) will discuss the two new sets of proposed California Privacy Protection Act (CCPA) regulations. Here is a breakdown of the two new proposed regulations and issues up for discussion:

Auditing Requirements: If a business processes data that poses a “significant risk to consumers’ security”

Two more companies will conduct drone operations beyond visual line of sight (BVLOS). Recently, the Federal Aviation Administration (FAA) approved UPS Flight Forward and uAvionix for this type of operation in national airspace. UPS Flight Forward plans to conduct BVLOS drone operations for small-package delivery using a ground-based surveillance system. UPS Flight Forward will conduct

In October 2022, Advocate Aurora Health notified three million individuals of a data breach resulting from its use of tracking pixels on its website for tracking website visitor activity. Now, this month, Advocate Aurora Health settled a class action stemming from that data breach for $12.25 million.

In its breach notification to patients, Advocate Aurora

Earlier this month, the Commissioner of Data Protection of the Dubai International Financial Centre (DIFC), a financial free-zone in the United Arab Emirates (UAE), issued the first adequacy decision regarding the California Consumer Privacy Act (CCPA), which recognizes the CCPA as an equivalent to the DIFC Data Protection Law (DIFC Law No. 5 of 2020, as amended

At the recent Federal Aviation Administration (FAA) Drone Symposium (co-hosted by AUVSI), FAA Deputy Regional Administrator Deb Sanning discussed the impact of autonomy and AI, human/machine integration, and the strategies for gaining public trust in autonomous systems, like drones. Sanning discussed this topic along with Brendan Groves from Skydio; Taylor Lochrane, the Deputy Director for

Recently, the California Privacy Protection Agency (CPPA) announced its new initiative in investigating the data privacy practices of connected vehicle (CV) manufacturers and the related technologies. Generally, the CPPA will focus its regulatory efforts on retail, advertising platforms, online platforms, and hospitality sectors. However, since modern vehicles are now “effectively connected computers on wheels,” collecting lots of information from built-in apps, sensors, and cameras, CVs are just another source of data collection like our laptops and mobile devices. In the CPPA’s press release, the Agency stated that data privacy considerations are “critical” because CVs “often automatically gather consumers’ locations, personal preferences, and details about their daily lives.” Due to these factors, the CPPA will make inquires to CV manufacturers to understand how these companies are complying with the California Consumer Privacy Act and its amendments pursuant to the California Privacy Rights Act (collectively the CCPA).

Here’s what you need to consider if you are in the CV manufacturing industry or related technologies:

Continue Reading CPPA Announces Investigation of Connected Vehicle Manufacturers’ Privacy Practices

The White House hosted a roundtable meeting Tuesday on the data brokering industry as a part of an administration-wide push toward strengthening America’s consumer privacy landscape. The meeting brought together researchers, regulators, and consumer advocates. The Biden-Harris Administration has called for stronger national regulations on data brokering, or the buying and selling of personal consumer

The California Attorney General recently announced an initiative to investigate employers’ non-compliance with the California Consumer Privacy Act/California Privacy Rights Act (collectively the CCPA).

At the beginning of this year, the CCPA’s disclosure requirements and consumer rights provisions became applicable to job applicants, employees (and their beneficiaries), and independent contractors. Now, the California AG’s office