Photo of Kathryn Rattigan

Kathryn Rattigan is a member of the Business Litigation Group and the Data Privacy and Security Team. She concentrates her practice on privacy and security compliance under both state and federal regulations and advising clients on website and mobile app privacy and security compliance. Kathryn helps clients review, revise and implement necessary policies and procedures under the Health Insurance Portability and Accountability Act (HIPAA). She also provides clients with the information needed to effectively and efficiently handle potential and confirmed data breaches while providing insight into federal regulations and requirements for notification and an assessment under state breach notification laws. Prior to joining the firm, Kathryn was an associate at Nixon Peabody. She earned her J.D., cum laude, from Roger Williams University School of Law and her B.A., magna cum laude, from Stonehill College. She is admitted to practice law in Massachusetts and Rhode Island. Read her full rc.com bio here.

California Governor Gavin Newsom signed the California Age-Appropriate Design Code Act (the Act) into law last week. This new law will require those online service providers likely to be accessed by children under 18 years old to comply with heightened privacy requirements, including incorporating privacy-by-default and privacy-by-design into their products. The 18-year age threshold for

Last year, the New York City Council passed Local Law Int. No. 1894-A, which amended the City’s administrative code to afford new protections to employees during the hiring and promotion processes. The law protects those individuals from unlawful bias by the employer when automated employment decision tools are used. Employers must conduct AI tool audits to

A new class action lawsuit was filed in federal court in California against Oracle America, Inc., alleging that it A new class action lawsuit was filed in federal court in California against Oracle America, Inc., alleging that it has been invading consumers’ privacy by using tracking technologies to build “digital dossiers” on individual internet users

In the first of its kind under the California Consumer Privacy Act (CCPA), Sephora settled an enforcement action with the California Attorney General for violation of the CCPA. Sephora must pay $1.2 million in penalties and implement a CCPA compliance program. The enforcement action alleged that Sephora permitted third parties to create customer profiles that

The Virginia Tech Mid-Atlantic Aviation Partnership (MAAP) was selected to lead one of the teams participating in the Federal Aviation Administration’s (FAA) unmanned aircraft systems (UAS) traffic management (UTM) Field Test. The UTM Field Test is a research project designed to evaluate the technology and standards being developed to help safely coordinate and prioritize drone

A subpoena was issued to Alight Solutions by the U.S. Department of Labor (DOL) for documents related to a cybersecurity breach that potentially resulted in Employee Retirement Income Security Act (ERISA) violations. Alight provides recordkeeping, administrative, and consulting services for over 750 employee benefit plans with more than 20 million plan participants.

The DOL began

Hyundai Motor Group announced the launch of Boston Dynamics AI Institute (the Institute), which will work toward making strides in artificial intelligence (AI), robotics, and intelligent machines. The Institute will focus on research related to solutions for the challenges faced in the creation of advanced robots and the need for advanced capabilities and uses. The

ACTS Retirement Services, Inc. (ACTS), a non-profit corporation that manages retirement communities, suffered a data breach in April 2022, which led to unauthorized access to thousands of current and former employees’ personal information. Specifically, names, Social Security numbers, and financial information were effected. As a result of this incident, ACTS now faces a data breach

This week, the Federal Aviation Administration (FAA) issued a task order contract to the New York UAS Test Site for an unmanned aircraft system (UAS or drone) integration project. The project is designed to assist in the development of a UAS traffic management (UTM) system and to promote the safe operation of high-volume drone operations.