Photo of Kathryn Rattigan

Kathryn Rattigan is a member of the Business Litigation Group and the Data Privacy and Security Team. She concentrates her practice on privacy and security compliance under both state and federal regulations and advising clients on website and mobile app privacy and security compliance. Kathryn helps clients review, revise and implement necessary policies and procedures under the Health Insurance Portability and Accountability Act (HIPAA). She also provides clients with the information needed to effectively and efficiently handle potential and confirmed data breaches while providing insight into federal regulations and requirements for notification and an assessment under state breach notification laws. Prior to joining the firm, Kathryn was an associate at Nixon Peabody. She earned her J.D., cum laude, from Roger Williams University School of Law and her B.A., magna cum laude, from Stonehill College. She is admitted to practice law in Massachusetts and Rhode Island. Read her full rc.com bio here.

Two more companies will conduct drone operations beyond visual line of sight (BVLOS). Recently, the Federal Aviation Administration (FAA) approved UPS Flight Forward and uAvionix for this type of operation in national airspace. UPS Flight Forward plans to conduct BVLOS drone operations for small-package delivery using a ground-based surveillance system. UPS Flight Forward will conduct

In October 2022, Advocate Aurora Health notified three million individuals of a data breach resulting from its use of tracking pixels on its website for tracking website visitor activity. Now, this month, Advocate Aurora Health settled a class action stemming from that data breach for $12.25 million.

In its breach notification to patients, Advocate Aurora

Earlier this month, the Commissioner of Data Protection of the Dubai International Financial Centre (DIFC), a financial free-zone in the United Arab Emirates (UAE), issued the first adequacy decision regarding the California Consumer Privacy Act (CCPA), which recognizes the CCPA as an equivalent to the DIFC Data Protection Law (DIFC Law No. 5 of 2020, as amended

At the recent Federal Aviation Administration (FAA) Drone Symposium (co-hosted by AUVSI), FAA Deputy Regional Administrator Deb Sanning discussed the impact of autonomy and AI, human/machine integration, and the strategies for gaining public trust in autonomous systems, like drones. Sanning discussed this topic along with Brendan Groves from Skydio; Taylor Lochrane, the Deputy Director for

Recently, the California Privacy Protection Agency (CPPA) announced its new initiative in investigating the data privacy practices of connected vehicle (CV) manufacturers and the related technologies. Generally, the CPPA will focus its regulatory efforts on retail, advertising platforms, online platforms, and hospitality sectors. However, since modern vehicles are now “effectively connected computers on wheels,” collecting lots of information from built-in apps, sensors, and cameras, CVs are just another source of data collection like our laptops and mobile devices. In the CPPA’s press release, the Agency stated that data privacy considerations are “critical” because CVs “often automatically gather consumers’ locations, personal preferences, and details about their daily lives.” Due to these factors, the CPPA will make inquires to CV manufacturers to understand how these companies are complying with the California Consumer Privacy Act and its amendments pursuant to the California Privacy Rights Act (collectively the CCPA).

Here’s what you need to consider if you are in the CV manufacturing industry or related technologies:Continue Reading CPPA Announces Investigation of Connected Vehicle Manufacturers’ Privacy Practices

The White House hosted a roundtable meeting Tuesday on the data brokering industry as a part of an administration-wide push toward strengthening America’s consumer privacy landscape. The meeting brought together researchers, regulators, and consumer advocates. The Biden-Harris Administration has called for stronger national regulations on data brokering, or the buying and selling of personal consumer

The California Attorney General recently announced an initiative to investigate employers’ non-compliance with the California Consumer Privacy Act/California Privacy Rights Act (collectively the CCPA).

At the beginning of this year, the CCPA’s disclosure requirements and consumer rights provisions became applicable to job applicants, employees (and their beneficiaries), and independent contractors. Now, the California AG’s office

As more and more unmanned aerial systems (UAS or drones) hit the skies, the Federal Aviation Administration (FAA) issued the UAS Remote Identification (RID) Rule to increase airspace safety and security. The time has come for the Rule to go into effect. As of September, the FAA’s remote ID requirements take effect. This means that

This week, the California Superior Court ruled that the California Privacy Protection Agency (CPPA) cannot begin enforcement of the California Privacy Rights Act (CPRA) until March 2024. The ruling stems from a lawsuit filed by the California Chamber of Commerce which argued that state businesses would not have enough time to prepare for the upcoming