Sarah Rippy

Overview

Sarah Rippy is an attorney in Crowell & Moring's Denver office and a member of the Privacy and Cybersecurity Group, where she practices at the intersection of law and technology. Prior to joining Crowell & Moring, Sarah was a Westin Fellow at the International Association of Privacy Professionals, where she developed a specific emphasis on emerging state privacy laws.

Upon joining Crowell & Moring, she continued to develop her practice, which focuses on assisting clients navigate the rapidly evolving privacy and AI landscape. Sarah regularly provides practical advice on compliance and best practices related to developing and implementing comprehensive privacy programs. Sarah is also well suited to counsel clients regarding incident response, laws governing social media and children’s data, and AI laws and regulations.

Sarah works with clients of all sizes, from startups to multinational corporations, helping them protect their assets and optimize legal strategies in a fast-changing business environment.

Career & Education

University of Colorado School of Law at Boulder, J.D., 2020
St. Olaf College, B.A., magna cum laude, 2016
- University of Colorado School of Law at Boulder, J.D., 2020
- St. Olaf College, B.A., magna cum laude, 2016
Colorado
District of Columbia
- Colorado
- District of Columbia

Sarah's Insights

Client Alert | 2 min read | 04.10.26

Federal Agencies Warn of Iranian-Affiliated Cyber Actors Exploiting Internet-Facing Operational Technology Devices

On April 7, 2026, six federal agencies (FBI, CISA, NSA, EPA, DOE, and U.S. Cyber Command – Cyber National Mission Force) published a joint advisory warning that Iranian-affiliated threat actors are targeting internet-facing OT devices, particularly PLCs. In some cases, the threat actors have caused operational disruptions and financial losses at U.S. critical infrastructure organizations by manipulating software files that contain configuration settings as well as showing false data on hardware and software dashboards and displays....

Blog Post | 11.11.25
Big Data v. the Individual’s Right to Privacy on the Road
Client Alert | 5 min read | 10.08.25
Hacker No Fly Zone: FAA and TSA Propose Cybersecurity Rules for Drone Ecosystem
Client Alert | 6 min read | 09.29.25
White House Seeks Industry Input on Laws and Rules that Hinder AI Development

View All Insights

Insights

Client Alert | 2 min read | 04.10.26

Federal Agencies Warn of Iranian-Affiliated Cyber Actors Exploiting Internet-Facing Operational Technology Devices

Blog Post | 11.11.25

Big Data v. the Individual’s Right to Privacy on the Road

Client Alert | 5 min read | 10.08.25

Hacker No Fly Zone: FAA and TSA Propose Cybersecurity Rules for Drone Ecosystem

Client Alert | 6 min read | 09.29.25

White House Seeks Industry Input on Laws and Rules that Hinder AI Development

U.S. Privacy Legislation: More States Put Laws on the Books
|
05.14.24
Privacy and Cybersecurity Outlook: The 2024 Landscape
"Everyone's Talking AI, Including the FTC: Key Takeaways from the FTC's 2023 AI Guidance," The Journal for Robotics, Artificial Intelligence and Law, (Volume 6, No. 4)
|
July-August 2023
Everyone’s Talking AI, Including the FTC: Key Takeaways From The FTC’s 2023 AI Guidance
|
04.27.23
The Journal of Robotics, Artificial Intelligence & Law
A Practical Guide to Biometric Information Laws
|
03.27.23
Privacy Patchwork: Looking Back at the 2021 Legislative Session
|
09.09.21
International Association of Privacy Professionals: Westin Research Center
Colorado Privacy Act Becomes Law
|
07.08.21
International Association of Privacy Professionals: Westin Research Center
Opt-in vs. Opt-out Approaches to Personal Information Processing
|
05.10.21
International Association of Privacy Professionals: Westin Research Center
Virginia Passes the Consumer Data Protection Act
|
03.03.21
International Association of Privacy Professionals: Westin Research Center
Top-10 Operational Impacts of the CPRA: Part 5—Notice Obligations and Right to Opt Out
|
01.28.21
International Association of Privacy Professionals: Westin Research Center
Top-5 Operational Impacts of Brazil's LGPD: Part 4—DPOs
|
11.12.20
International Association of Privacy Professionals: Westin Research Center
View All Publications
Federal Agencies Warn of Iranian-Affiliated Cyber Actors Exploiting Internet-Facing Operational Technology Devices
|
04.10.26
Hacker No Fly Zone: FAA and TSA Propose Cybersecurity Rules for Drone Ecosystem
|
10.08.25
White House Seeks Industry Input on Laws and Rules that Hinder AI Development
|
09.29.25
No Opt-Out for State Data Privacy Compliance: California, Colorado and Connecticut Keep Data Privacy Enforcement Pressure on with Joint Enforcement Sweep
|
09.10.25
What Companies Need To Know From the California Privacy Protection Agency’s First CCPA Enforcement Action
|
03.20.25
Biden Admin Eyes IoT Cyber Practices
|
07.21.23
MOVEit Vulnerability: What to Know and What to Do
|
06.07.23
OCR Proposes HIPAA Amendments to Strengthen Reproductive Health Care Privacy
|
04.26.23
Iowa to Introduce the Sixth Comprehensive State Privacy Law in United States
|
03.24.23
Everyone’s Talking AI, Including the FTC: Key Takeaways from the FTC’s 2023 AI Guidance
|
03.13.23
View All Client Alerts
"Privacy and Cybersecurity Outlook: The 2025 Landscape," Crowell & Moring Webinar.
|
02.20.25
"Global Privacy Policy Training," Crowell & Moring, Webinar, 2023.
|
03.24.23
"The Essentials on Employee Data Privacy," Meru Data Webinar, 2023.
|
02.24.23
"U.S. Privacy Law Update," Virtual Denver Knowledgenet
|
03.01.21
Crowell & Moring Opens In Denver With Plans To Grow
|
10.22.21
Law Week Colorado
Crowell & Moring To Launch In Denver With Seven-Lawyer Team
|
10.15.21
The Global Legal Post
Crowell & Moring Launches In Denver With Seven-Lawyer Team
|
10.14.21
Reuters
Crowell & Moring Opens In Denver, Hires 4 Attorneys
|
10.14.21
Law360
Big Data v. the Individual’s Right to Privacy on the Road
|
11.11.25
Crowell & Moring’s Transportation Law: Moving Forward
OCR Issues Anti-Discrimination Guidance for Pharmacies Related to Reproductive Health Care Services
|
07.25.22
Crowell & Moring’s Health Law Blog

View All Insights

Practices

Sarah's Insights

Client Alert | 2 min read | 04.10.26

Federal Agencies Warn of Iranian-Affiliated Cyber Actors Exploiting Internet-Facing Operational Technology Devices

On April 7, 2026, six federal agencies (FBI, CISA, NSA, EPA, DOE, and U.S. Cyber Command – Cyber National Mission Force) published a joint advisory warning that Iranian-affiliated threat actors are targeting internet-facing OT devices, particularly PLCs. In some cases, the threat actors have caused operational disruptions and financial losses at U.S. critical infrastructure organizations by manipulating software files that contain configuration settings as well as showing false data on hardware and software dashboards and displays....

Blog Post | 11.11.25
Big Data v. the Individual’s Right to Privacy on the Road
Client Alert | 5 min read | 10.08.25
Hacker No Fly Zone: FAA and TSA Propose Cybersecurity Rules for Drone Ecosystem
Client Alert | 6 min read | 09.29.25
White House Seeks Industry Input on Laws and Rules that Hinder AI Development

View All Insights

Sarah Rippy

Overview

Overview

Career & Education

Education

Admissions

Sarah's Insights

Insights

Publications

Client Alerts

Speaking Engagements

Press Coverage

Blog Posts

Practices

Sarah's Insights