Linn Foster Freedman

Linn Foster Freedman

Linn Freedman practices in data privacy and security law, and complex litigation. She is a member of the Business Litigation Group and chair’s the firm’s Data Privacy and Security Team. She currently serves as general counsel to the Rhode Island Quality Institute. Linn focuses her practice on compliance with all state and federal privacy and security laws and regulations, as well as emergency data breach response and mitigation. She counsels clients on state and federal data privacy and security investigations and data breaches. Prior to joining the firm, Linn was a partner at Nixon Peabody, where she served as leader of the firm’s Privacy & Data Protection Group. She also served as assistant attorney general and deputy chief of the Civil Division of the Attorney General’s Office for the State of Rhode Island. She earned her J.D. from Loyola University School of Law and her B.A., with honors, in American Studies from Newcomb College of Tulane University. She is admitted to practice law in Massachusetts and Rhode Island. Read her full rc.com bio here.

Subscribe to all posts by Linn Foster Freedman

Anti-Money Laundering Contacts at Financial Institutions Hit with Targeted Phishing Attack

To illustrate just how creative phishing campaigns have become, on January 30, 2019, it was reported by multiple credit unions that Bank Secrecy Act officers at credit unions around the country received emails that appeared to be from Bank Secrecy Officers at other credit unions. The emails were addressed to the actual Bank Secrecy officers … Continue Reading

Cottage Health Settles with OCR for $3M

We previously reported that Cottage Health, a health care entity operating several hospitals in California, settled with the State of California for $3 million in regard to a security incident that occurred in 2013. On February 7, 2019, the Office for Civil Rights (OCR) issued a press release that it settled HIPAA violations in December … Continue Reading

US-CERT Issues Advisory About Vulnerabilities in Patient Monitors

The U.S. Department of Homeland Security Industrial Control Systems Cyber Emergency Team (US-CERT) recently issued an advisory outlining three vulnerabilities of Drager Infinity Delta patient monitoring devices. The vulnerabilities affect all versions of the Drager models—Delta, Delta XL, Kappa, and infinity Explorer C700—patient monitoring devices. According to the alert, the three security flaws include: Exposure … Continue Reading

Community Health System Agrees to Settlement of $4.5 Million for 2014 Data Breach

Community Health System, located in Tennessee, has agreed to settle claims made against it arising from a 2014 data breach for $4.5 million. The data breach, believed to be caused by Chinese hackers, compromised the names, dates of birth, addresses, telephone numbers, and Social Security numbers of 4.5 million patients of the hospital system, which … Continue Reading

Privacy Tip #176 – Sharing Your Genetic Information With Private Companies

I had very interesting conversations with both of my classes in the last week over the sharing of genetic information in the context of learning about the Genetic Information Non-Discrimination Act (GINA). GINA generally prohibits employers and insurers from using genetic information to discriminate in employment or insurance underwriting. People mistaken believe that GINA protects … Continue Reading

Data Privacy & Security Considerations in Mergers & Acquisitions Due Diligence

It has long been standard practice to include data privacy and security due diligence in mergers and acquisitions for technology companies. Over the last several years, there has been an increase in data breaches which are costly and damaging to a company’s brand, and therefore, we have seen an uptick in companies including detailed requests … Continue Reading

Privacy Tip #175 – Data Privacy Day

Ok it’s not as great as your birthday, but it comes once a year—Data Privacy Day, which was celebrated worldwide this week on January 28, 2019. In honor of Data Privacy Day 2019, the United Nations Conference on Trade and Development (UNCTAD) published a map of the world showing which countries protect the online privacy … Continue Reading

Google Fined $57M by French Data Protection Authority for Alleged Violations of GDPR

France’s data protection authority (DPA) (CNIL) recently announced that it has fined Google $57 million for violations of the General Data Protection Regulation (GDPR). This is the first fine by a European DPA of an American company for alleged violations of the sweeping EU privacy law. According to the CNIL, Google did not tell consumers … Continue Reading

Judge Rules Biometric Identifiers Can’t Be Used to Unlock Phone

A federal magistrate judge in California has ruled that law enforcement personnel may not require suspects to unlock their phones with biometric identifiers like a fingerprint, iris scan or facial recognition, saying the practice is unconstitutional. The decision followed the request for a search warrant in an extortion case. The prosecutors asked for an order … Continue Reading

Do You Have a WISP?

Although the Massachusetts Data Security Regulations went into effect March 1, 2010, I still find that many companies have not implemented a Written Information Security Program (WISP) and don’t know that they are required to do so. According to the regulations, any companies or persons who store or use personal information of a Massachusetts resident … Continue Reading

Marriott Confirms Over 5 Million Passport Numbers Stolen in Data Breach

Marriott International Inc. has released new numbers relating to its Starwood Hotel’s reservation database by stating that 5 million passport numbers were stolen in the database. After further investigation, Marriott states that the information for fewer than 383 million guests (as opposed to 500 million) were exposed. The data that was compromised of these guests … Continue Reading

Neiman Marcus Settles Data Breach Litigation for $1.5 Million

Neiman Marcus Group LLC has settled an investigation of its 2013 data breach with 43 states and the District of Columbia for $1.5 million. The data breach involved 370,000 credit cards, where 9,200 of the cards were used in a fraudulent manner [view related posts]. Illinois Attorney General Lisa Madigan, and Connecticut Attorney General George … Continue Reading

Privacy Tip #172 – The Weather Company App Collects and Monetizes Users’ Geolocation Information

A lawsuit filed late last week by Los Angeles City Attorney Michael Feuer alleges that TWC Product and Technology LLC (TWC), the company behind The Weather Company App, is collecting, disclosing, selling and monetizing users’ information without their consent. According to the lawsuit, the weather app tracks real time geolocation data on 45 million users … Continue Reading

HHS Issues Cybersecurity Practices for Health Care Industry

Just before the new year, the Department of Health and Human Resources (HHS) released voluntary cybersecurity practices for health care organizations, which consists of a main document, two technical volumes, and resources and templates that were compiled by more than 150 cybersecurity and health care experts. The publication, Health Industry Cybersecurity Practices: Managing Threats and … Continue Reading
LexBlog