Photo of Sarah Rippy

Sarah Rippy is an attorney in Crowell & Moring's Denver office and a member of the Privacy & Cybersecurity Group.

During law school, Sarah was executive editor of the Colorado Technology Law Journal and an active member of the Silicon Flatirons Center. She joins the firm after a year serving as a Westin Research Fellow at the International Association of Privacy Professionals, where she focused on state law developments, including the California Privacy Rights Act (CPRA), the Colorado Privacy Act (CPA), and the Virginia Consumer Data Protection Act (VCDPA).

On March 15, the Iowa House passed Senate File 262 (SF 262), a comprehensive state privacy law bill. If enacted, SF 262 would be the sixth state level privacy legislation, following California, Virginia, Colorado, Utah, and Connecticut, and it would go into effect on January 1, 2025.Continue Reading Iowa to Introduce the Sixth Comprehensive State Privacy Law in United States

On February 27, 2023, the Federal Trade Commission (“FTC”) Division of Advertising Practices updated their business guidance on the usage of Artificial Intelligence (“AI”) for 2023. In their post titled “Keep your AI claim in check”, the FTC guides marketers on how best to legally and efficiently utilize AI in advertising and avoid AI washing. Building upon the FTC’s previous AI guidance of 2020 and 2021, this year’s iteration emphasizes that false or unsubstantiated claims about a product’s efficacy—including those that involve promises about the ability of AI—runs afoul of the FTC Act. Specifically, the FTC reminds marketers of the following questions that they should consider with the increasing use of AI in products:Continue Reading Everyone’s Talking AI, Including the FTC: Key Takeaways from the FTC’s 2023 AI Guidance

On August 24, 2022, the California Attorney General’s Office announced a settlement with Sephora, Inc. (Sephora), a French multinational personal care and beauty products retailer. The settlement resolved Sephora’s alleged violations of the California Consumer Privacy Act (CCPA) for allegedly failing to: disclose to consumers that the company was selling their personal information, process user requests to opt out of sale via user-enabled global privacy controls, and cure these violations within the 30-day period currently allowed by the CCPA.Continue Reading $1.2 Million CCPA Settlement with Sephora Focuses on Sale of Personal Information and Global Privacy Controls