On October 6, 2025, Bloomberg reported that the Securities and Exchange Commission (SEC) has launched an investigation into AppLovin Corporation’s data-collection practices, following an alleged whistleblower complaint and a series of short-seller reports. We previously covered the shareholder class action against AppLovin in another blog post. The company is a mobile advertising technology business that
Roma Patel
Roma Patel focuses her practice on a broad range of data privacy and cybersecurity matters. She handles comprehensive responses to cybersecurity incidents, including business email compromises, network intrusions, inadvertent disclosures and ransomware attacks. In response to privacy and cybersecurity incidents, Roma guides clients through initial response, forensic investigation, and regulatory obligations in a manner that balances legal risks and business or organizational needs.
AI at the Frontier: What California’s SB-53 Means for Large AI Model Developers
On September 29, 2025, Governor Gavin Newsom signed SB 53, the Transparency in Frontier Artificial Intelligence Act (“the Act”) into law, establishing a regulatory framework for developers of advanced artificial intelligence (AI) systems. The law imposes new transparency, reporting, and risk management requirements on entities developing high-capacity AI models. It is the first of its…
Updates Coming to the CMMC Level 2 Procedural Guide in December: What Contractors and C3PAOs Should Know
Last week, we covered the Cybersecurity Maturity Model Certification (CMMC) Procurement Rule (the Rule), which formalizes cybersecurity as a condition of doing business with the U.S. Department of Defense (DoD). The Rule requires federal contractors and subcontractors to demonstrate they meet the specified security standards before accessing Federal Contract Information (FCI) and Controlled Unclassified Information…
Comply to Compete: DoD Finalizes CMMC Rule for Federal Contractors
In August 2024, the Department of Defense (DoD) released a proposed amendment to the Defense Acquisition Regulations Supplement (DFARS) – which provides acquisition policies and procedures for the DoD – that would require a Cybersecurity Maturity Model Certification (CMMC) program to become a required part of the DoD’s contracting process. The CMMC program is a…
HHS Continues Focus on Access Rights by Announcing Crackdown on Information Blocking
In August, the Office for Civil Rights (OCR) published guidance relating to individuals’ rights to access their protected health information (PHI) under HIPAA. As we covered in our earlier blog post about the August guidance, the new FAQs came amidst OCR’s continued enforcement focus on its Right of Access initiative, under which the OCR has…
The Price You Pay: California Largely Strikes Down Bill Banning Surveillance Pricing
In today’s marketplace, businesses hold vast amounts of consumer data. That data plays a central role in shaping business strategies. One of the most critical aspects of any business strategy is pricing and the process of determining how much to charge for a product or service and to whom. Price discrimination refers to a business…
Texas Mini-TCPA Gets a Makeover: What Businesses Need to Know
The Telephone Consumer Protection Act of 1991 (TCPA) is a federal law designed to protect consumers from unwanted telemarketing and intrusive solicitation practices. Many states have also enacted similar state laws governing telephone solicitations, so-called “mini-TCPAs.” One such state is Texas, which has had a mini-TCPA in place since 2009.
The Texas mini-TCPA applies…
HIPAA Privacy Rule in Focus: OCR Sheds Light on PHI Disclosures and Access Rights
On August 11, 2025, the Office for Civil Rights (OCR) published updated guidance relating to the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule (Privacy Rule) in the form of two new FAQs. The FAQs clarify the OCR’s position on (1) permitted disclosures of protected health information (PHI) to value-based care arrangements and (2)…
Pennsylvania Attorney General Announces Recent Cyber-Attack: What You Need to Know about Citrix Bleed 2
On August 11, 2025, the Pennsylvania Office of Attorney General (PA AG) issued a statement on its Facebook account regarding a cyber incident that had affected PA AG systems, including its website, email accounts, and phone lines.
The PA AG has not shared a specific cause of the incident. However, security researcher Kevin Beaumont recognized…
New Updates to CCPA Regulations: California’s Focus on Automated Decisionmaking Technology, Cybersecurity Audits, Risk Assessments, and More
On July 24, 2025, during a public meeting following public comment, the California Privacy Protection Agency (CPPA) Board unanimously approved amendments to the California Consumer Privacy Act (CCPA). These substantial changes include new obligations for businesses subject to the CCPA. Significantly, the updates emphasize CPPA’s new regulatory focus on AI decision-making and cybersecurity in addition…