On May 17, 2024, Colorado Governor Jared Polis signed, “with reservations,” Senate Bill 42-205, “Concerning Consumer Protections in Interactions with Artificial Intelligence Systems” (the Act). The first of its kind in the United States, the Act takes effect on February 1, 2026, and requires artificial intelligence (AI) developers, and businesses that use high-risk AI systems
Kathryn Rattigan
Kathryn Rattigan is a member of the Business Litigation Group and the Data Privacy+ Cybersecurity Team. She concentrates her practice on privacy and security compliance under both state and federal regulations and advising clients on website and mobile app privacy and security compliance. Kathryn helps clients review, revise and implement necessary policies and procedures under the Health Insurance Portability and Accountability Act (HIPAA). She also provides clients with the information needed to effectively and efficiently handle potential and confirmed data breaches while providing insight into federal regulations and requirements for notification and an assessment under state breach notification laws. Prior to joining the firm, Kathryn was an associate at Nixon Peabody. She earned her J.D., cum laude, from Roger Williams University School of Law and her B.A., magna cum laude, from Stonehill College. She is admitted to practice law in Massachusetts and Rhode Island. Read her full rc.com bio here.
David’s Bridal Hit with Class Actions Over Two Data Breaches
This week, two class actions were filed in the U.S. District Court for the Eastern District of Pennsylvania against David’s Bridal based on two data breaches. The actions allege that David’s Bridal failed to protect the personal information of employees and customers.
In January 2024, David’s Bridal suffered a ransomware attack instigated by ransomware group…
Tracfone Settles FCC Investigation for $16 Million
This week, the Federal Communications Commission (FCC) announced a settlement with TracFone Wireless to resolve investigations into whether TracFone failed to reasonably protect its customers’ information from unauthorized access in connection with three data breaches.
The breaches occurred between January 2021 and January 2023. Each of these data breaches involved the exploitation of application programming…
California Privacy Protection Agency Announces Additional Enforcement Focuses
The regulatory enforcement agency for the California Consumer Privacy Act, as amended by the California Privacy Rights Act (collectively, the CCPA), the California Privacy Protection Agency (CPPA) announced additional enforcement focuses this week, including an emphasis on dark patterns on businesses’ websites. Michael Macko, Deputy Director of the CPPA, said, “The number of investigations we…
CDK Car Dealership Software Breached, Lawsuits Filed
Last month, multiple car dealerships and auto repair shops filed federal lawsuits against CDK Global LLC, a technology company providing software to the automotive, heavy truck, recreation, and heavy equipment industries, as a result of a data breach that caused its dealership management software systems to be out of commission.
The incident occurred last month…
FCC Considers Updates to Telephone Consumer Protection Act
The Telephone Consumer Protection Act (TCPA) has not been updated in over 30 years. The Federal Communications Commission (FCC) has been asked by Congress to take “decisive action in addressing the escalating issue of fraudulent and scam text messages that target American consumers.” The TCPA restricts the hours in which telemarketers can call, prevents businesses…
Minnesota’s Comprehensive Data Privacy Law: Does it Apply and How is it Different than Other Privacy Laws?
Minnesota was the nineteenth state to pass a comprehensive data privacy law, the Minnesota Consumer Privacy Act (H.F. 4757) (MCPA), which becomes effective on July 31, 2025.
While we continue to see more of these laws popping up across the country, one of the most important analyses that a business can do when these new…
California Attorney General Settles Third CCPA Enforcement Action
Following the Sephora and DoorDash enforcement actions, on June 18, 2024, the California Attorney General announced its third California Consumer Privacy Act (CCPA) enforcement action against Tilting Point Media LLC. Tilting Point is a mobile video game developer, including children’s games. The California AG alleged that Tilting Point collected and shared children’s data without parental…
Marriott Faces Class Action for Alleged Violation of Illinois Biometrics Law
This week Marriott Hotel Services was hit with a class action lawsuit for alleged violations of the Illinois’ Biometrics Information Privacy Act (BIPA). The lawsuit alleges that the hotel violated BIPA by requiring workers to scan their fingerprints as a means to clock in at work without proper notice or consent.
BIPA prohibits businesses from:…
Vermont Data Privacy Act, Most Robust Consumer Protections Since CCPA
Last week, the Vermont legislature passed H. 121, the Vermont Data Privacy Act. This law will make Vermont the 18th state to grant consumers privacy rights similar to those under the California Consumer Privacy Act (CCPA). It is scheduled to go into effect on July 1, 2025.
While the Vermont Data Privacy Act…