Photo of Kathryn Rattigan

Kathryn Rattigan is a member of the Business Litigation Group and the Data Privacy and Security Team. She concentrates her practice on privacy and security compliance under both state and federal regulations and advising clients on website and mobile app privacy and security compliance. Kathryn helps clients review, revise and implement necessary policies and procedures under the Health Insurance Portability and Accountability Act (HIPAA). She also provides clients with the information needed to effectively and efficiently handle potential and confirmed data breaches while providing insight into federal regulations and requirements for notification and an assessment under state breach notification laws. Prior to joining the firm, Kathryn was an associate at Nixon Peabody. She earned her J.D., cum laude, from Roger Williams University School of Law and her B.A., magna cum laude, from Stonehill College. She is admitted to practice law in Massachusetts and Rhode Island. Read her full rc.com bio here.

A recent study found that some data brokers are selling highly sensitive data relating to consumers’ mental health conditions on the open market with minimal vetting of their customers and few controls on how these purchasers use the data. The study, conducted by a researcher at Duke University’s Technology Policy Lab, found that 11 out

The Office of the California Attorney General recently announced that it will initiate an investigative sweep and will start sending letters to businesses about their mobile apps for failure to comply with the California Consumer Privacy Act (CCPA). There is also a new online tool that allows consumers to directly notify a business of an

The California Privacy Protection Agency (CPPA) Board will hold its third public hearing on February 3, 2023, at 10 am PST.

The meeting will open with the Chairperson’s Update, during which CPPA Chairperson Jennifer Urban will likely address the status of the delayed California Privacy Rights Act (CPRA) regulations. Chairperson Urban is also a

Readers of this blog know that we’ve been closely following the California Privacy Rights Act (CPRA) rulemaking process. California passed the law in 2020 to update the California Consumer Privacy Act of 2018 with additional consumer rights and business obligations. The CPRA also established a new government agency, the California Privacy Protection Agency (CPPA), responsible

An Illinois appellate court has ruled that Apple’s biometric unlock features, including Touch ID fingerprint scanning and Face ID facial geometry scanning, do not violate the state’s Biometric Information Privacy Act (BIPA). The case involved a group of Illinois residents who alleged that Apple’s Face ID feature impermissibly collects facial geometries from pictures stored in

Readers of this blog know that we’ve been closely following the California Privacy Rights Act (CPRA) rulemaking process [view related post]. California passed the law in 2020 to update the California Consumer Privacy Act of 2018 with additional consumer rights and business obligations. The CPRA also established a new government agency, the California Privacy

Epic Games $520 Million Settlement with FTC for Unfair Practices and COPPA Violations

In a recent agreement totaling $520 million, Epic Games, Inc. (Epic), maker of the popular Fortnite video game, settled allegations posed by the Federal Trade Commission (FTC) that it violated the Children’s Online Privacy Protection Act (COPPA). The FTC’s complaint alleged that

Artificial intelligence (AI) development company, DoNotPay, developed an AI robot app, which will act as “The World’s First Robot Lawyer” by listening in on court proceedings via the defendant’s phone while the defendant listens through an earpiece. This AI Robot is, more simply put, a chatbot. The technology was originally designed to contest parking tickets

Since the California Privacy Protection Agency (CPPA) released its draft regulations pursuant to the California Privacy Rights Act (CPRA), the biggest gripe from businesses has been the website tracking opt-out requirements. Recognition of opt-out requests from consumers could potentially cost companies some significant dollars.

The CPRA amends the California Consumer Privacy Act of 2020 and

A 34-page class action was filed against Blackhawk Network for a data breach that occurred on MyPrepaidCenter.com in September of this year. The plaintiffs allege that Blackhawk Network’s failure to prevent or detect this incident was “particularly egregious” since it operates a website where consumers can activate and manage prepaid gift cards, which requires collection