Photo of Roma Patel

Roma Patel

Subscribe to Roma Patel's Posts

Roma Patel focuses her practice on a broad range of data privacy and cybersecurity matters. She handles comprehensive responses to cybersecurity incidents, including business email compromises, network intrusions, inadvertent disclosures and ransomware attacks. In response to privacy and cybersecurity incidents, Roma guides clients through initial response, forensic investigation, and regulatory obligations in a manner that balances legal risks and business or organizational needs. Read her full rc.com bio here.

Follow:Read more about Roma PatelRoma's Linkedin Profile

On November 6, 2025, Texas reached a settlement regarding Senate Bill 140 (SB 140), which set forth amendments to the “state’s mini-TCPA” (Chapters 301-305 of the state’s Business and Commerce Code). In a joint motion to dismiss, the state clarified that businesses who only send marketing texts to users who have opted in need not

A November 4, 2025, ruling in Brooks v. WarnerMedia Direct, LLC, offers a clear reminder for organizations that changes to terms of service, especially those impacting where consumer disputes are heard, can have direct operational consequences. For WarnerMedia, the parent company of HBO Max, the result is a split process in which consumer privacy claims

On February 8, 2024, the Department of Health & Human Services (HHS) published its final rule updating the Confidentiality of Substance Use Disorder (SUD) Patient Records regulations under 42 C.F.R. Part 2 (Part 2), bringing Part 2 requirements closer to the requirements of the Health Insurance Portability and Accountability Act (HIPAA) and the Health Information

Gift cards are a perennial favorite for holiday shoppers. They’re easy to wrap, universally appreciated, and always the right size. But as gift-giving season approaches, it’s important to remember that gift cards are also a common target for scams. In 2024, Governor Phil Murphy signed into law new requirements governing the sale and display of

A class action complaint filed in the Northern District of California on October 17, 2025, alleges that entertainment and arcade franchise Dave & Buster’s Entertainment Inc., misled website visitors about users’ ability to reject cookies and tracking technologies. The lawsuit, brought by two California residents, claims that the Dave & Buster’s website continued to place

On October 9, 2025, the Northern District of California denied Mashable, Inc.’s motion to dismiss a class action alleging violations of the California Invasion of Privacy Act (CIPA). Mashable operates a digital news and entertainment website that publishes articles and multimedia content online. The plaintiff alleged that Mashable disclosed the IP addresses and device identifiers

On October 6, 2025, Bloomberg reported that the Securities and Exchange Commission (SEC) has launched an investigation into AppLovin Corporation’s data-collection practices, following an alleged whistleblower complaint and a series of short-seller reports. We previously covered the shareholder class action against AppLovin in another blog post. The company is a mobile advertising technology business that

On September 29, 2025, Governor Gavin Newsom signed SB 53, the Transparency in Frontier Artificial Intelligence Act (“the Act”) into law, establishing a regulatory framework for developers of advanced artificial intelligence (AI) systems. The law imposes new transparency, reporting, and risk management requirements on entities developing high-capacity AI models. It is the first of its