A 34-page class action was filed against Blackhawk Network for a data breach that occurred on MyPrepaidCenter.com in September of this year. The plaintiffs allege that Blackhawk Network’s failure to prevent or detect this incident was “particularly egregious” since it operates a website where consumers can activate and manage prepaid gift cards, which requires collection

Kathryn Rattigan
Kathryn Rattigan is a member of the Business Litigation Group and the Data Privacy and Security Team. She concentrates her practice on privacy and security compliance under both state and federal regulations and advising clients on website and mobile app privacy and security compliance. Kathryn helps clients review, revise and implement necessary policies and procedures under the Health Insurance Portability and Accountability Act (HIPAA). She also provides clients with the information needed to effectively and efficiently handle potential and confirmed data breaches while providing insight into federal regulations and requirements for notification and an assessment under state breach notification laws. Prior to joining the firm, Kathryn was an associate at Nixon Peabody. She earned her J.D., cum laude, from Roger Williams University School of Law and her B.A., magna cum laude, from Stonehill College. She is admitted to practice law in Massachusetts and Rhode Island. Read her full rc.com bio here.
Students Are Buying Drones. Is Your Campus Prepared?
The holiday season is here again, and many university students will return in January sporting a brand-new drone. Drones have come a long way from the unwieldy radio-controlled (RC) copters of the past. Modern drones can operate across several miles with great precision carrying mounted cameras, microphones, and other sensors. However, federal and state regulators…
Class Action Filed Against Commonwealth of Massachusetts for Alleged COVID-19 Contact-Tracing Spyware Installation
This week, a lawsuit was filed in the U.S. District Court of Massachusetts against the Commonwealth of Massachusetts for its use of a COVID-19 contact-tracing app for residents’ mobile phones. However, very few residents voluntarily downloaded the app. The solution? The lawsuit alleges that Massachusetts caused the app to be downloaded to certain residents’ mobile…
Chula Vista Policy to Protect Residents from Certain Surveillance Technology
The City Council of Chula Vista, California (in the San Diego metropolitan area), announced a new policy governing how city law enforcement can use technology to protect residents from data collected by surveillance equipment. The policy was developed by a city task force after the police department began using Automated License Plate Readers in 2020…
Privacy Tip #349 – College Students Targeted by Social Engineering Campaign Impersonating Instagram
Dark Reading reports that thousands of college and university students are being targeted by cyber-attackers who are using a legitimate domain to impersonate Instagram and steal credentials of the users. The attack is able to evade security measures of Microsoft 365 and Exchange.
According to the report, “The socially engineered attack, which has targeted nearly…
Businesses Struggle to Comply with CPRA without Final Regulations
As companies hustle to follow the new California Privacy Rights Act (CPRA) regulations, they’ve hit a substantial hiccup: there aren’t any yet. The California Privacy Rights Agency (CPPA), the newly-created body with administrative authority over the CPRA’s implementation, has yet to release its finalized regulations. The CPRA takes effect on January 1, 2023, and covered…
Are You Ready? The California Privacy Rights Act Could now Apply to Your Business
California law will soon require businesses to treat their employees and business partners as consumers under the California Consumer Privacy Act (CCPA). The CCPA and its successor legislation, the California Privacy Rights Act (CPRA), grant California consumers dignitary rights over their personal information collected and processed by commercial entities that do business in California. The…
More Autonomous Big Rigs Needed on the Road: Why Start There?
Many trucks on the freeway already drive themselves -with an operator on board. These trucks operate smoothly and safely with little to no human intervention. Such vehicles are capable of knowing when to make space and move over when another vehicle is trying to merge and slowing down when they see a vehicle pulled over…
California Privacy Protection Agency Amends Proposed CPRA Regulations
Last week, the California Privacy Protection Agency (CPPA) released updated California Privacy Rights Act (CPRA) draft regulations and a summary of the changes. The regulations remain in the proposal stage and it is unclear when to expect finalized rules, although it is likely that this version will include near final requirements and prohibitions.
While most…
The White House’s AI Bill of Rights: Not for the Robots
The White House Office of Science and Technology Policy (OSTP) released its Blueprint for an AI Bill of Rights and, thankfully, it doesn’t give AI any rights. This (nonbinding) document is meant to provide a best-practice guide for AI system designers and frames those systems’ use as a civil rights issue. The OSTP focused on…