In August 2024, the Department of Defense (DoD) released a proposed amendment to the Defense Acquisition Regulations Supplement (DFARS) – which provides acquisition policies and procedures for the DoD – that would require a Cybersecurity Maturity Model Certification (CMMC) program to become a required part of the DoD’s contracting process. The CMMC program is a
Roma Patel
Roma Patel focuses her practice on a broad range of data privacy and cybersecurity matters. She handles comprehensive responses to cybersecurity incidents, including business email compromises, network intrusions, inadvertent disclosures and ransomware attacks. In response to privacy and cybersecurity incidents, Roma guides clients through initial response, forensic investigation, and regulatory obligations in a manner that balances legal risks and business or organizational needs. Read her full rc.com bio here.
HHS Continues Focus on Access Rights by Announcing Crackdown on Information Blocking
In August, the Office for Civil Rights (OCR) published guidance relating to individuals’ rights to access their protected health information (PHI) under HIPAA. As we covered in our earlier blog post about the August guidance, the new FAQs came amidst OCR’s continued enforcement focus on its Right of Access initiative, under which the OCR has…
The Price You Pay: California Largely Strikes Down Bill Banning Surveillance Pricing
In today’s marketplace, businesses hold vast amounts of consumer data. That data plays a central role in shaping business strategies. One of the most critical aspects of any business strategy is pricing and the process of determining how much to charge for a product or service and to whom. Price discrimination refers to a business…
Texas Mini-TCPA Gets a Makeover: What Businesses Need to Know
The Telephone Consumer Protection Act of 1991 (TCPA) is a federal law designed to protect consumers from unwanted telemarketing and intrusive solicitation practices. Many states have also enacted similar state laws governing telephone solicitations, so-called “mini-TCPAs.” One such state is Texas, which has had a mini-TCPA in place since 2009.
The Texas mini-TCPA applies…
HIPAA Privacy Rule in Focus: OCR Sheds Light on PHI Disclosures and Access Rights
On August 11, 2025, the Office for Civil Rights (OCR) published updated guidance relating to the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule (Privacy Rule) in the form of two new FAQs. The FAQs clarify the OCR’s position on (1) permitted disclosures of protected health information (PHI) to value-based care arrangements and (2)…
Pennsylvania Attorney General Announces Recent Cyber-Attack: What You Need to Know about Citrix Bleed 2
On August 11, 2025, the Pennsylvania Office of Attorney General (PA AG) issued a statement on its Facebook account regarding a cyber incident that had affected PA AG systems, including its website, email accounts, and phone lines.
The PA AG has not shared a specific cause of the incident. However, security researcher Kevin Beaumont recognized…
New Updates to CCPA Regulations: California’s Focus on Automated Decisionmaking Technology, Cybersecurity Audits, Risk Assessments, and More
On July 24, 2025, during a public meeting following public comment, the California Privacy Protection Agency (CPPA) Board unanimously approved amendments to the California Consumer Privacy Act (CCPA). These substantial changes include new obligations for businesses subject to the CCPA. Significantly, the updates emphasize CPPA’s new regulatory focus over AI decision-making and cybersecurity in addition…
The Future of the CFPB Open Banking Rule Remains…Open
On July 29, 2025, the Consumer Financial Protection Bureau (CFPB) stated in a legal briefing that it has decided to reconsider an agency rule “with a view to substantially revis[e] it and provid[e] a robust justification.” The federal district court hearing the case granted the motion, thus pausing the lawsuit for now.
The rule at…
Privacy Under Pressure: What the NYT v. OpenAI Teaches Us About Data Governance
The rise of large language models (LLMs) such as ChatGPT has created novel legal implications surrounding the development and use of such artificial intelligence (AI) systems. One of the most closely watched AI cases currently is New York Times Co. v. Microsoft Corp., No. 1:23-cv-11195 (S.D.N.Y. filed Dec. 27, 2023), in which the New York…
Purl v HHS: Resetting the Reproductive Health Privacy Landscape
Reproductive health privacy is once again in the legal spotlight with a recent federal district court decision that struck down nearly all of a recent rule under the Health Insurance Portability and Accountability Act (HIPAA) that protected reproductive healthcare-related information privacy.
In a ruling issued on June 18, 2025, in Purl v. Department of Health…