Linn Foster Freedman

Linn Foster Freedman

Linn Freedman practices in data privacy and security law, and complex litigation. She is a member of the Business Litigation Group and chair’s the firm’s Data Privacy and Security Team. She currently serves as general counsel to the Rhode Island Quality Institute. Linn focuses her practice on compliance with all state and federal privacy and security laws and regulations, as well as emergency data breach response and mitigation. She counsels clients on state and federal data privacy and security investigations and data breaches. Prior to joining the firm, Linn was a partner at Nixon Peabody, where she served as leader of the firm’s Privacy & Data Protection Group. She also served as assistant attorney general and deputy chief of the Civil Division of the Attorney General’s Office for the State of Rhode Island. She earned her J.D. from Loyola University School of Law and her B.A., with honors, in American Studies from Newcomb College of Tulane University. She is admitted to practice law in Massachusetts and Rhode Island. Read her full rc.com bio here.

Subscribe to all posts by Linn Foster Freedman

Cybersecurity Reporting to the Board

Robinson+Cole has the distinct pleasure to host the CISO Executive Network in Hartford and Boston. It is an opportunity to hang out with Chief Information Security Officers (CISOs), develop relationships with them, discuss commonality in the issues they experience, and collaborate on different strategies to address their concerns. This week the meetings centered around effective … Continue Reading

VPN Packages Store Cookies Insecurely

The Department of Homeland Security (DHS) issued a warning on April 15, 2019, entitled “VPN Applications Insecurely Store Session Cookies” (Vulnerability Note VU#192371) stating that “[M]ultiple Virtual Private Network (VPN) applications store the authentication and/or session cookies insecurely in memory and/or log files.” The affected products identified by DHS are: Palo Alto Networks GlobalProtect Agent … Continue Reading

WIPRO Hacked

I have been alerting clients that I know use Wipro, but may have missed some of you. It is being reported that IT outsourcing company Wipro Ltd. has been hacked through several phishing campaigns from what is believed to be a state-sponsored attacker. According to recent reports, including KrebsonSecurity, sources have stated that “Wipro’s systems … Continue Reading

Incident Response Plan Saves Money

The Ponemon Institute recently completed research, sponsored by IBM Resilient, entitled “The 2019 Cyber Resilient Organization,” which surveyed more than 3,600 security and IT professionals around the world to determine organizations’ ability to maintain their core purpose and integrity in the face of cyber-attacks. According to IBM, the research found that “a vast majority of … Continue Reading

Privacy Tip #186 – Some Hotmail Users’ Emails Compromised

On April 14, 2019, Microsoft alerted some account owners that Microsoft Outlook and Hotmail email addresses had been compromised over a three-month period. According to Microsoft, “We have identified that a Microsoft support agent’s credentials were compromised, enabling individuals outside Microsoft to access information within your Microsoft email account.” It also said “[U]pon awareness of … Continue Reading

States Legislate Cybersecurity Requirements for Insurance Companies

Following in the footsteps of the New York Department of Financial Regulation (NYDFS) in enacting cybersecurity requirements for the financial services industry, and in response to massive data breaches in the insurance industry, a wave of states have either enacted or are pursuing legislation aimed at regulating the cybersecurity measures of insurance companies. In 2017, … Continue Reading

Think Like a Hacker

I was with a bunch of CFOs this week talking about cybersecurity and I told them how easy it is for hackers these days. They can infiltrate a company’s system by compromising an O365 account that doesn’t have multi-factor authentication, and according to a Ponemon study, are in the company’s system for over 200 days. … Continue Reading

New Malware Targets Big Banks and Cryptocurrency Apps

New malicious malware dubbed “Gustuff” targets big banks, fintech companies and cryptocurrency apps, according to the security firm Group IB. According to Group IB, which discovered Gustuff on hacker forums, the new malware is affecting Android devices and is “a mobile Android Trojan, which includes potential targets of customers in leading international banks, users of … Continue Reading

Medical Marijuana Delivery App Agrees to Settle TCPA Case for $1.75M

The “Uber of weed” app developed by Eaze Solutions, Inc. (Eaze) provides information to users about the delivery of recreational and medical marijuana throughout California. Unfortunately, Eaze allegedly violated the Telephone Consumer Protection Act (TCPA) by inundating its users with unsolicited, autodialed text messages about how to buy marijuana. The named plaintiff alleges that she … Continue Reading

Workplace Privacy

In the Privacy Law class I teach at Roger Williams Law School, we are discussing workplace privacy. Students over the years have been surprised that there are so few laws that govern employees’ privacy in the work place, and in general believe that workers have an expectation of privacy. The law doesn’t really reflect this … Continue Reading

LockerGoga Ransomware Hits Manufacturer and Chemical Companies

In the last two weeks, ransomware dubbed LockerGoga has attacked aluminum manufacturer Norsk Hydro, which announced that as a result of the attack, it had to shut down its worldwide network and chemical companies Hexion and Momentive. According to reports, each of the companies received similar ransomware messages. One company had to order all new … Continue Reading

Password Fatigue

Everyone hates passwords. They are difficult to remember, and human nature is to re-use them across platforms, which is well-known to be a no-no. Managing passwords is time consuming, cumbersome and a pain. Which is why they continue to be a problem for security. A recent research study sponsored by Yubico and conducted by Ponemon … Continue Reading

Semi-Autonomous? Volvo’s Plan to Include New Features in its Next Fleet

Recently, Volvo announced that it will introduce a 112 mph speed cap on its vehicles from 2020 onward. Now, Volvo has announced that it will include driver-facing cameras and sensors in all of its vehicles as well. The goal of these cameras? Volvo says that it’s to crack down on distracted drivers—checking text messages, intoxication, … Continue Reading

FTC Seeks Information from ISPs on Privacy Procedures

The Federal Trade Commission (FTC) issued an Order to File a Special Report to seven Internet broadband providers in the U.S., requesting information on how the companies “collect, retain, use and disclose information about consumers and their devices.” According to its press release, the FTC “is initiating this study to better understand Internet service providers’ … Continue Reading

Spear Phishing Scheme Dupes Nine Staff Members at Oregon DHS Compromising PHI of 350,000 in Over 2M Emails

The Oregon Department of Human Services (DHS) announced late last week that nine of its staff members had fallen victim to a phishing campaign and that their email boxes were compromised on January 8, 2019. The intrusion was discovered on January 28, 2019. When the intrusion was discovered, the staff members’ changed their passwords to … Continue Reading

Preparing for Compliance with the California Consumer Privacy Act

On the heels of working with clients on compliance with the European Union’s General Data Privacy Regulation (GDPR) and the rapidly evolving landscape of data privacy and security laws and regulations, the next hurdle to set compliance sights on for organizations is the California Consumer Privacy Act (CCPA). We have previously outlined the requirements of … Continue Reading

Privacy Tip #182 – FTC Issues 2018 Annual Report on Data Privacy and Security

In the midst of unending robocalls, news of big tech companies collecting, using and monetizing consumers’ information, and hackers and scammers, we forget that anyone is doing anything to protect our privacy. Only somewhat comforting against that backdrop is the Federal Trade Commission’s (FTC) annual report on its privacy and security work, which was released … Continue Reading

Misconfigured Box Accounts Can Expose Data

Security researchers at Adversis have discovered that dozens of companies have inadvertently leaked corporate and customer data through their Box enterprise storage accounts because staff are sharing public links to their private corporate files. According to the researchers, data stored in Box enterprise accounts is private by default, but if users share the files or … Continue Reading
LexBlog