Linn Foster Freedman

Linn Freedman practices in data privacy and security law, and complex litigation. She is a member of the Business Litigation Group and chair’s the firm’s Data Privacy and Security Team. She currently serves as general counsel to the Rhode Island Quality Institute. Linn focuses her practice on compliance with all state and federal privacy and security laws and regulations, as well as emergency data breach response and mitigation. She counsels clients on state and federal data privacy and security investigations and data breaches. Prior to joining the firm, Linn was a partner at Nixon Peabody, where she served as leader of the firm’s Privacy & Data Protection Group. She also served as assistant attorney general and deputy chief of the Civil Division of the Attorney General’s Office for the State of Rhode Island. She earned her J.D. from Loyola University School of Law and her B.A., with honors, in American Studies from Newcomb College of Tulane University. She is admitted to practice law in Massachusetts and Rhode Island. Read her full rc.com bio here.

Subscribe to all posts by Linn Foster Freedman

Small and Mid-Sized Businesses Continue to Be Targeted by Cybercriminals

By Linn Foster Freedman on October 17, 2019 Posted in Cybersecurity

A recent Ponemon Institute study finds that small and mid-sized businesses continue to be targeted by cybercriminals, and are struggling to direct an appropriate amount of resources to combat the attacks. The Ponemon study finds that 76 percent of the 592 companies surveyed had experienced a cyber-attack in the previous year, up from 70 percent … Continue Reading

NSA Warns of Hackers Attacking VPN Service Applications

By Linn Foster Freedman on October 17, 2019 Posted in New + Now

The National Security Agency issued an advisory last week to warn companies and users that nation-state actors are actively exploiting vulnerabilities in several virtual private network (VPN) service applications to obtain access to users’ devices. The hackers are leveraging vulnerabilities in older versions of VPN applications, and if successful, the attackers can then remotely execute … Continue Reading

Privacy Tip #212 – National Cybersecurity Awareness Month: “Own IT”

By Linn Foster Freedman on October 17, 2019 Posted in Privacy Tips

Everyone should be aware that October is National Cybersecurity Awareness Month. TechNewsWorld is urging all users to “Own IT,” which “means staying safe on social media, updating privacy settings, and keeping tabs on apps. Simply put, users need to take better ownership of their data and their online presence as part of daily safe cyber … Continue Reading

CCPA News: Amendments Signed into Law by the California Governor and Draft Regulations Released by the State’s Attorney General

By Linn Foster Freedman and Deborah George on October 14, 2019 Posted in Data Privacy, Websites

Last week was a busy week for the California Consumer Privacy Act (CCPA), as Attorney General Xavier Becerra released draft regulations on October 10 and Governor Newsom signed several pending CCPA amendments into law on October 11. The CCPA amendments clarified several important issues, including: employee information and business-to-business (B2B) communications are exempt from the … Continue Reading

FBI Warns of Sharp Increase in Ransomware Attacks in Certain Sectors

By Linn Foster Freedman on October 10, 2019 Posted in Cybersecurity

The Federal Bureau of Investigations Internet Crime Complaint Center (IC3) recently issued a public service announcement warning private companies about the increasing numbers of ransomware attacks affecting private industry. According to the warning, “Although state and local governments have been particularly visible targets for ransomware attacks, ransomware actors have also targeted health care organizations, industrial … Continue Reading

Dental Practice Pays $10,000 Fine to OCR for Disclosing PHI on Social Media

By Linn Foster Freedman on October 10, 2019 Posted in HIPAA and Health Information

Elite Dental Associates (Elite), located in Dallas, Texas has agreed to settle alleged HIPAA violations with the Office for Civil Rights (OCR) for $10,000. The OCR alleged that it received a complaint from a patient in June of 2016 that Elite had disclosed the patient’s last name and details of the patient’s health condition on … Continue Reading

Department of Defense Subcontractors: Cybersecurity Compliance is Top Priority

By Linn Foster Freedman on October 10, 2019 Posted in New + Now

The Office of the Under Secretary of Defense for Acquisition and Sustainment has been on a fast track mission to shore up the cybersecurity measures of defense contractors and the supply chain to the Department of Defense (DOD). It is in the process of developing a Cybersecurity Maturity Model Certification (CMMC) requirement for those vendors. … Continue Reading

Privacy Tip #211 – WhatsApp Users: Update Your App to Patch Vulnerability

By Linn Foster Freedman on October 10, 2019 Posted in Privacy Tips

WhatsApp has announced that it has patched a vulnerability that would have allowed hackers to access with malware the chat history of users. Android 8.1 and 9 could have been susceptible to the attack. However, WhatsApp is urging all users to update their app. Although WhatsApp says it has patched the vulnerability and does not … Continue Reading

Ransomware Attacks Double in 2019: Medical Providers Can’t Recover and Shut Down

By Linn Foster Freedman on October 3, 2019 Posted in Cybersecurity, Health Information Privacy, HIPAA and Health Information

Consistent with our experience, security firm McAfee has confirmed in a report that ransomware attacks have doubled in 2019. Medical providers have been hit hard this year, and one provider, Wood Ranch Medical, located in California, is permanently closing following a ransomware attack. Wood Ranch was hit with a ransomware attack over the summer, and … Continue Reading

Google Sued Under Illinois Biometric Information Privacy Act

By Linn Foster Freedman on October 3, 2019 Posted in Enforcement + Litigation

Another day, another suit against a brand name for allegations of violation of the Illinois Biometric Information Privacy Act (BIPA). Plaintiffs’ attorneys are having a field day filing class action lawsuits based on BIPA. Late last week, Google was sued in Cook County, Illinois in a proposed class action, alleging that it violated BIPA by … Continue Reading

Important Tool in Your Box: Spam Filter

By Linn Foster Freedman on October 3, 2019 Posted in New + Now

I have been hanging out a lot with Chief Information Officers (CIO) and Chief Information Security Officers (CISO) these days at speaking engagements and conferences, as October – National Cybersecurity month – is always busy. The topic that keeps coming up in these conversations is phishing and how most ransomware attacks are started because an … Continue Reading

Privacy Tip #210 – HHS Office of Inspector General Issues Fraud Alert for Genetic Testing Scam Targeting Seniors

By Linn Foster Freedman on October 3, 2019 Posted in Health Information Privacy, HIPAA and Health Information, Privacy Tips

Everyone knows how I feel about those home genetic testing kits—most people don’t understand that when they send their DNA to a private company that it is not protected by HIPAA or any other law, and the company can legally use and disclose it, including selling it to other companies. Understand what companies are doing … Continue Reading

Click2Gov Portal Compromised in Eight Cities

By Linn Foster Freedman on September 26, 2019 Posted in Cybersecurity

Many cities in the United States utilize a self-pay portal for residents to pay bills online, known as Click2Gov. Click2Gov was compromised in 2017 and 2018, when hackers were able to access over 300,000 payment cards and reportedly made more than $2 million in the heist. It is being reported this week by security researchers … Continue Reading

Vimeo Hit with Class Action for Alleged Violations of Biometric Law

By Linn Foster Freedman on September 26, 2019 Posted in Enforcement + Litigation

Vimeo, Inc. was sued last week in a class action case alleging that it violated the Illinois Biometric Information Privacy Act by “collecting, storing and using Plaintiff’s and other similarly situated individuals’ biometric identifiers and biometric information…without informed written consent.” According to the Complaint, Vimeo “has created, collected and stored, in conjunction with its cloud-based … Continue Reading

FTC Sues Match.com Owner for Alleged Fake Love-Interest Ads

By Linn Foster Freedman on September 26, 2019 Posted in Enforcement + Litigation

The Federal Trade Commission (FTC) announced in a press release on September 25, 2019, that it has filed a Complaint against Match Group, Inc. (Match), the owner of Match.com, Tinder, OKCupid, PlentyOfFish and other alternative dating sites, alleging that it “used fake love interest advertisements to trick hundreds of thousands of consumers into purchasing paid … Continue Reading

Privacy Tip #209 – Security Tips for Online Banking

By Linn Foster Freedman on September 26, 2019 Posted in Privacy Tips

While on a plane this week, I read a great Wall Street Journal (WSJ) article called “How to Keep Your Mobile Banking Safe.” Although I question whether anyone can keep their online bank account completely safe, it was a good article and had some great tips that I want to pass along to those of … Continue Reading

Survey Shows Fewer than 1/3 of Employees Receive Annual Cyber Training

By Linn Foster Freedman on September 25, 2019 Posted in New + Now

Despite the fact that security experts have emphasized the importance of cyber education and training as a preventive measure to protect against a devastating data breach, Chubb’s Third Annual Cyber Risk Survey finds that only 31 percent of employees in the businesses surveyed receive cyber training and education on an annual basis. According to the … Continue Reading

Almost Entire Ecuadorian Population Affected by Massive Data Breach

By Linn Foster Freedman on September 19, 2019 Posted in Cybersecurity

The Ecuadorian Ministry of Telecommunications and Information Security has announced an investigation into data analytics company Novaestrat after news broke this week that the company left an Elasticsearch server open without any password protection, allowing open access to the data. According to officials, Novaestrat was not supposed to have the data in the first place. … Continue Reading

Why Having a Chief Data Ethics Officer is Worth Consideration

By Linn Foster Freedman on September 19, 2019 Posted in New + Now

Emerging technology has vastly outpaced corporate governance and strategy, and the use of data in the past has consistently been “grab it” and figure out a way to use it and monetize it later. Today’s consumers are becoming more educated and savvy about how companies are collecting, using and monetizing their data, and are starting … Continue Reading

Privacy Tip #208 – Last Pass Patches Bug that Leaks Passwords

By Linn Foster Freedman on September 19, 2019 Posted in Privacy Tips

I am not a big fan of putting all of one’s passwords in one place, but many people use password managers. If you use Last Pass (see previous blog posts about Last Pass here and here), be aware that it was recently advised by a Google Project Zero researcher that there was a vulnerability that made … Continue Reading

School System Victimized by Second Ransomware Attack in Months

By Linn Foster Freedman on September 12, 2019 Posted in Cybersecurity

The Wolcott school system in Wolcott, Connecticut has been recovering for four months from a ransomware attack that hit its system at the end of the school year. Last week, it was hit with a second attack. According to reports, the cyber criminals behind the recent ransomware attack were holding teacher lesson plans hostage. The … Continue Reading

Municipalities and School Systems: Educate Your Employees

By Linn Foster Freedman on September 12, 2019 Posted in New + Now

The pace and number of cyber-attacks against municipalities and school systems is staggering and likes of which we have never seen. Municipalities and school systems are obvious targets for cyber criminals as it is well known that resources are scarce to implement measures to combat cyber-attacks. Nearly all of the attacks that we’ve written about … Continue Reading

Privacy Tip #207 – Digital Assets

By Linn Foster Freedman on September 12, 2019 Posted in Digital Assets, Privacy Tips

I haven’t written about digital assets in a while [view related posts] and I was reminded of the importance of putting digital assets into your estate plan this week in a conversation with a colleague. After my experience of serving as the executor of three estates, it became clear to me how important it is … Continue Reading

July 2019 Ranks Highest in History for Health Care Data Breaches

By Linn Foster Freedman on September 5, 2019 Posted in Cybersecurity

July 2019 was the worst month in history for health care data breaches, with a total of 50 breaches that affected more than 500 records reported to the Office for Civil Rights (OCR), according to HIPAA Journal. Those 50 reportable data breaches exposed more than 35 million individuals’ health care records. HIPAA Journal opines that … Continue Reading

This Blog/Website is made available by the lawyer or law firm publisher for educational purposes only as well as to give you general information and a general understanding of the law, not to provide specific legal advice. By using this blog site you understand that there is no attorney client relationship between you and the Blog/Website publisher. The Blog/Website should not be used as a substitute for competent legal advice from a licensed professional attorney in your state. Any opinions expressed on this Blog/Website are opinions only of the author, expressed at the time the material is written based on information available to the author at that time, and are not opinions of the author's law firm or any of the author's or the law firm's clients. This Blog/Website is not intended to be attorney advertising. To the extent it might be deemed to be attorney advertising, it should not be considered advertising or to be seeking legal work in any jurisdiction in which the author is not admitted to practice law (i.e., jurisdictions other than Connecticut, Massachusetts, and various federal courts).