Photo of Kathryn Rattigan

Kathryn Rattigan is a member of the Business Litigation Group and the Data Privacy and Security Team. She concentrates her practice on privacy and security compliance under both state and federal regulations and advising clients on website and mobile app privacy and security compliance. Kathryn helps clients review, revise and implement necessary policies and procedures under the Health Insurance Portability and Accountability Act (HIPAA). She also provides clients with the information needed to effectively and efficiently handle potential and confirmed data breaches while providing insight into federal regulations and requirements for notification and an assessment under state breach notification laws. Prior to joining the firm, Kathryn was an associate at Nixon Peabody. She earned her J.D., cum laude, from Roger Williams University School of Law and her B.A., magna cum laude, from Stonehill College. She is admitted to practice law in Massachusetts and Rhode Island. Read her full rc.com bio here.

An Urban Air Mobility (UAM) company, Wisk, announced its new partnership with NASA to assist with safely integrating autonomous aircraft systems at a national level. Wisk joins NASA as part of NASA’s Advanced Air Mobility National Campaign strategy in order to assist with the preparation and development of guidance for UAM operations. Wisk aims to

This week, Governor Andrew Cuomo signed legislation that added text messaging to the state of New York’s definition of telemarketing communication for purposes of its no-call registry. The legislation, S.3941/A.6040, closes the loophole that previously exempted businesses from the no-call registry restrictions when the communication was sent via text. The goal is to increase protections

A new report from Beyond Identity focuses on old, but very important issues—ending  access rights to network systems by terminated employees and the rampant sharing of passwords.

According to the report, it is estimated that almost 25 percent of previous workers still have access to their former employers’ networks through work accounts. This is concerning

Section 2209 of the Federal Aviation Administration Extension, Safety, and Security Act (the Act) requires the Federal Aviation Administration (FAA) to establish defined boundaries protecting “critical infrastructure” from unauthorized drones.  More specifically, the FAA is tasked with defining the precise sites where drones are prohibited from operating. It is likely that the FAA would have

British Airways settled a data breach class action lawsuit this week resulting from a 2018 data breach that affected thousands of its customers.

In 2018, the personal data of approximately 420,000 customers and staff was leaked, including names, addresses, and bank account information. When U.K. regulators investigated this incident in 2018, it was reported that

This week, Volkswagen AG’s U.S. entity and its Audi brand were hit with a class action for a data breach that allegedly compromised 3.3 million consumers’ personal information. In the U.S. District Court for the District of New Jersey, a California consumer filed a suit against the automakers on behalf of other current and prospective

The federal Cybersecurity and Infrastructure Security Agency (CISA) released a few cybersecurity “bad practices” this week to assist in decreasing the volume of knowable and preventable cyber mistakes. These bad practices are aimed at educating critical infrastructure owners and operators, as well as the defense industry and the organizations that support the supply

Last week, Impact MHC, a Colorado-based mobile home park management company, agreed to pay $25,000 to the Colorado Attorney General’s office and implement new security measures after a data breach of more than 15,000 individuals’ personal information, including 719 Colorado residents. If Impact fails to implement such security measures (such as creating a written information