Photo of Kathryn Rattigan

Kathryn Rattigan is a member of the Business Litigation Group and the Data Privacy+ Cybersecurity Team. She concentrates her practice on privacy and security compliance under both state and federal regulations and advising clients on website and mobile app privacy and security compliance. Kathryn helps clients review, revise and implement necessary policies and procedures under the Health Insurance Portability and Accountability Act (HIPAA). She also provides clients with the information needed to effectively and efficiently handle potential and confirmed data breaches while providing insight into federal regulations and requirements for notification and an assessment under state breach notification laws. Prior to joining the firm, Kathryn was an associate at Nixon Peabody. She earned her J.D., cum laude, from Roger Williams University School of Law and her B.A., magna cum laude, from Stonehill College. She is admitted to practice law in Massachusetts and Rhode Island. Read her full rc.com bio here.

Singapore-based Chinese video game developer Cognosphere, dba HoYoverse, known for “Genshin Impact,” a role-playing game involving collectible characters with unique fighting skills, has agreed to pay $20 million to settle Federal Trade Commission (FTC) allegations that it violated the Children’s Online Privacy Protection Act (COPPA) and deceived players about the cost of winning certain prizes.

On January 16, 2025, the Federal Trade Commission (FTC) issued a press release stating, “The updated [Children’s Online Privacy Protection Act (COPPA)] rule strengthens key protections for kids’ privacy online. By requiring parents to opt [into] targeted advertising practices, this final rule prohibits platforms and service providers from sharing and monetizing children’s data without active

The California Attorney General published two legal advisories this week:

These advisories seek to remind businesses of consumer rights under the California Consumer Privacy Act, as amended by the

TikTok users are seeking alternate platforms to share and view content as the U.S. is set to ban the popular social media app on January 19, 2025. Instead of turning to U.S.-based companies like Facebook or Instagram, users are flocking to another Chinese app called Xiaohongshu, also known as RedNote. The app, which previously

At the close of 2024, the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS) issued a Notice of Proposed Rulemaking (the Proposed Rule) to amend the Security Rule regulations established for protecting electronic health information under the Health Insurance Portability and Accountability Act of 1996 (HIPAA). The updated

2024 was a year chock-full of data breaches and privacy violations. Many new data privacy and cybersecurity regulations were introduced (and became effective), and regulators sent a strong message to businesses that privacy must be at the forefront of their strategy and goals and that robust security controls are required to protect employee and consumer

American Addiction Centers Inc. faces a class action in the Middle District of Tennessee for allegations that it violated the Health Insurance Portability and Accountability Act (HIPAA) by failing to protect patient data from cyber criminals.

In September 2024, American Addiction Centers suffered a cyber-attack that led to the unauthorized access to sensitive personal information

After the conclusion of the public comment period earlier this month, the Colorado Department of Law adopted amendments to the Colorado Privacy Act (CPA). The Act grants rights to Colorado consumers concerning their personal information, including the right to access, delete, and correct their personal data as well as the right to opt out of

This week, the Federal Trade Commission (FTC) issued a proposed consent order to settle allegations against IntelliVision Technologies Corp. (IntelliVision) for making false, misleading, and unsubstantiated claims that its artificial intelligence (AI) facial recognition software, was free of gender and racial bias.

According to the proposed consent order, IntelliVision must cease publicizing misrepresentations of its