Linn Foster Freedman

Linn Freedman practices in data privacy and security law, and complex litigation. She is a member of the Business Litigation Group and chair’s the firm’s Data Privacy and Security Team. She currently serves as general counsel to the Rhode Island Quality Institute. Linn focuses her practice on compliance with all state and federal privacy and security laws and regulations, as well as emergency data breach response and mitigation. She counsels clients on state and federal data privacy and security investigations and data breaches. Prior to joining the firm, Linn was a partner at Nixon Peabody, where she served as leader of the firm’s Privacy & Data Protection Group. She also served as assistant attorney general and deputy chief of the Civil Division of the Attorney General’s Office for the State of Rhode Island. She earned her J.D. from Loyola University School of Law and her B.A., with honors, in American Studies from Newcomb College of Tulane University. She is admitted to practice law in Massachusetts and Rhode Island. Read her full rc.com bio here.

Subscribe to all posts by Linn Foster Freedman

Anti-Money Laundering Contacts at Financial Institutions Hit with Targeted Phishing Attack

By Linn Foster Freedman on February 14, 2019 Posted in Cybersecurity

To illustrate just how creative phishing campaigns have become, on January 30, 2019, it was reported by multiple credit unions that Bank Secrecy Act officers at credit unions around the country received emails that appeared to be from Bank Secrecy Officers at other credit unions. The emails were addressed to the actual Bank Secrecy officers … Continue Reading

The Telephone Consumer Protection Act

By Linn Foster Freedman on February 14, 2019 Posted in New + Now, Telephone Consumer Protection Act

Many companies’ sales and marketing department have no idea that there is a law that generally prohibits the use of robocalling or SMS texting for sales and marketing purposes without the express written consent of the recipient. Many of us get spam calls on our cell phones and residential phone lines (if they still exist) … Continue Reading

Privacy Tip #177 – What is Session Replay Technology?

By Linn Foster Freedman on February 14, 2019 Posted in Privacy Tips

This week, I learned a new thing. Many things actually, but one in particular that was really eye-opening for someone who has been a privacy professional for as long as I have. Session replay technology. I had never heard of it before. I found out about it because Apple is now telling its app developers … Continue Reading

Cottage Health Settles with OCR for $3M

By Linn Foster Freedman on February 11, 2019 Posted in Data Breach, Enforcement & Litigation, HIPAA and Health Information

We previously reported that Cottage Health, a health care entity operating several hospitals in California, settled with the State of California for $3 million in regard to a security incident that occurred in 2013. On February 7, 2019, the Office for Civil Rights (OCR) issued a press release that it settled HIPAA violations in December … Continue Reading

US-CERT Issues Advisory About Vulnerabilities in Patient Monitors

By Linn Foster Freedman on February 7, 2019 Posted in Cybersecurity

The U.S. Department of Homeland Security Industrial Control Systems Cyber Emergency Team (US-CERT) recently issued an advisory outlining three vulnerabilities of Drager Infinity Delta patient monitoring devices. The vulnerabilities affect all versions of the Drager models—Delta, Delta XL, Kappa, and infinity Explorer C700—patient monitoring devices. According to the alert, the three security flaws include: Exposure … Continue Reading

Community Health System Agrees to Settlement of $4.5 Million for 2014 Data Breach

By Linn Foster Freedman on February 7, 2019 Posted in Data Breach

Community Health System, located in Tennessee, has agreed to settle claims made against it arising from a 2014 data breach for $4.5 million. The data breach, believed to be caused by Chinese hackers, compromised the names, dates of birth, addresses, telephone numbers, and Social Security numbers of 4.5 million patients of the hospital system, which … Continue Reading

Protecting Against Wire Fraud and Man in the Middle Schemes

By Linn Foster Freedman on February 7, 2019 Posted in New + Now

The scammers continue to find easy ways to dupe unsuspecting businesses into sending information or money to them. It used to be that we had to address vast fraud schemes with phishing emails requesting the W-2s of employees. That is child’s play now as most companies are aware of the scheme and don’t fall victim … Continue Reading

Privacy Tip #176 – Sharing Your Genetic Information With Private Companies

By Linn Foster Freedman on February 7, 2019 Posted in Privacy Tips

I had very interesting conversations with both of my classes in the last week over the sharing of genetic information in the context of learning about the Genetic Information Non-Discrimination Act (GINA). GINA generally prohibits employers and insurers from using genetic information to discriminate in employment or insurance underwriting. People mistaken believe that GINA protects … Continue Reading

Sammamish, Washington Declares Emergency After Ransomware Attack

By Linn Foster Freedman on January 31, 2019 Posted in Cybersecurity

I was a speaker at a recent conference of municipalities in a state last week, and during my presentation, I mentioned the various cyber-attacks that have affected cities, towns and educational departments in the U.S. (Atlanta, GA; Farmington, CT; West Haven, CT; Leeds, AL; Yarrow Point, WA; and Leominster, MA to name a few). Little … Continue Reading

Girl Scouts Announce Another Cybersecurity Patch

By Linn Foster Freedman on January 31, 2019 Posted in Cybersecurity

We previously commended the Girl Scouts of the United States for encouraging girls to get involved in STEM, including cybersecurity by issuing a cybersecurity patch. The Girl Scouts announced that it has partnered with the Hewlett Packard Enterprise (HPE) to develop a new patch that girl scouts will be able to obtain if they successfully … Continue Reading

Data Privacy & Security Considerations in Mergers & Acquisitions Due Diligence

By Linn Foster Freedman on January 31, 2019 Posted in New + Now

It has long been standard practice to include data privacy and security due diligence in mergers and acquisitions for technology companies. Over the last several years, there has been an increase in data breaches which are costly and damaging to a company’s brand, and therefore, we have seen an uptick in companies including detailed requests … Continue Reading

Privacy Tip #175 – Data Privacy Day

By Linn Foster Freedman on January 31, 2019 Posted in Privacy Tips

Ok it’s not as great as your birthday, but it comes once a year—Data Privacy Day, which was celebrated worldwide this week on January 28, 2019. In honor of Data Privacy Day 2019, the United Nations Conference on Trade and Development (UNCTAD) published a map of the world showing which countries protect the online privacy … Continue Reading

U.S. CEOs Worried About Cyber Threats and Cybersecurity

By Linn Foster Freedman on January 24, 2019 Posted in Cybersecurity

In its C-Suite Challenge 2019, The Conference Board surveyed more than 800 CEOs and some 600 other C-Suite executives around the globe, drawing primarily from the U.S., Asia, and Europe. An interesting finding from the press release about the survey is that U.S. CEOs rank cybersecurity and cyber threats as their #1 external concern for … Continue Reading

Call Center Fraud Threats

By Linn Foster Freedman on January 24, 2019 Posted in New + Now, Telephone Consumer Protection Act

Many of our clients have customer call centers to help customers with varied questions or concerns. Those who work in customer service, and in call centers tend to patient and helpful. But sometimes being too helpful can land the company in the middle of a fraud scheme. We are seeing primarily foreign individuals use traditional … Continue Reading

Privacy Tip #174 – Cell Phone Geolocation Questions Answered

By Linn Foster Freedman on January 24, 2019 Posted in Privacy Tips

Last week’s Privacy Tip centered on how our cell phone geolocation data is being sold by the telephone companies Cell Phone Geolocation Data Being Sold. I sent out an APB to readers to answer my question about how they can do this when I turn off my location based services. My question was “…the thing … Continue Reading

New Ransomware Campaign Socks Victims with One-Two Punch

By Linn Foster Freedman on January 17, 2019 Posted in Cybersecurity

Cybercriminals have launched a new campaign that not only requires the victim to pay a ransom to have their data decrypted, but when the victim is directed to a PayPal account to pay the ransom to get the decryption key to unlock the data, the PayPal account page is fake and when the victim lands … Continue Reading

Judge Rules Biometric Identifiers Can’t Be Used to Unlock Phone

By Linn Foster Freedman on January 17, 2019 Posted in Enforcement & Litigation

A federal magistrate judge in California has ruled that law enforcement personnel may not require suspects to unlock their phones with biometric identifiers like a fingerprint, iris scan or facial recognition, saying the practice is unconstitutional. The decision followed the request for a search warrant in an extortion case. The prosecutors asked for an order … Continue Reading

Do You Have a WISP?

By Linn Foster Freedman on January 17, 2019 Posted in New + Now

Although the Massachusetts Data Security Regulations went into effect March 1, 2010, I still find that many companies have not implemented a Written Information Security Program (WISP) and don’t know that they are required to do so. According to the regulations, any companies or persons who store or use personal information of a Massachusetts resident … Continue Reading

Privacy Tip #173 – Cell Phone Geolocation Data Being Sold

By Linn Foster Freedman on January 17, 2019 Posted in Privacy Tips

We previously cautioned that telephone companies sell customer data to third parties, including location data [view related posts here]. Last year, the telecom industry pledged to stop the practice after pressure by members of Congress. Earlier this month, Joseph Cox of Motherboard released I Gave a Bounty Hunter $300. Then He Located Our Phone and … Continue Reading

Marriott Confirms Over 5 Million Passport Numbers Stolen in Data Breach

By Linn Foster Freedman on January 10, 2019 Posted in Cybersecurity

Marriott International Inc. has released new numbers relating to its Starwood Hotel’s reservation database by stating that 5 million passport numbers were stolen in the database. After further investigation, Marriott states that the information for fewer than 383 million guests (as opposed to 500 million) were exposed. The data that was compromised of these guests … Continue Reading

Neiman Marcus Settles Data Breach Litigation for $1.5 Million

By Linn Foster Freedman on January 10, 2019 Posted in Enforcement & Litigation

Neiman Marcus Group LLC has settled an investigation of its 2013 data breach with 43 states and the District of Columbia for $1.5 million. The data breach involved 370,000 credit cards, where 9,200 of the cards were used in a fraudulent manner [view related posts]. Illinois Attorney General Lisa Madigan, and Connecticut Attorney General George … Continue Reading

Privacy Tip #172 – The Weather Company App Collects and Monetizes Users’ Geolocation Information

By Linn Foster Freedman on January 10, 2019 Posted in Privacy Tips

A lawsuit filed late last week by Los Angeles City Attorney Michael Feuer alleges that TWC Product and Technology LLC (TWC), the company behind The Weather Company App, is collecting, disclosing, selling and monetizing users’ information without their consent. According to the lawsuit, the weather app tracks real time geolocation data on 45 million users … Continue Reading

HHS Issues Cybersecurity Practices for Health Care Industry

By Linn Foster Freedman on January 3, 2019 Posted in Cybersecurity

Just before the new year, the Department of Health and Human Resources (HHS) released voluntary cybersecurity practices for health care organizations, which consists of a main document, two technical volumes, and resources and templates that were compiled by more than 150 cybersecurity and health care experts. The publication, Health Industry Cybersecurity Practices: Managing Threats and … Continue Reading

This Blog/Website is made available by the lawyer or law firm publisher for educational purposes only as well as to give you general information and a general understanding of the law, not to provide specific legal advice. By using this blog site you understand that there is no attorney client relationship between you and the Blog/Website publisher. The Blog/Website should not be used as a substitute for competent legal advice from a licensed professional attorney in your state. Any opinions expressed on this Blog/Website are opinions only of the author, expressed at the time the material is written based on information available to the author at that time, and are not opinions of the author's law firm or any of the author's or the law firm's clients. This Blog/Website is not intended to be attorney advertising. To the extent it might be deemed to be attorney advertising, it should not be considered advertising or to be seeking legal work in any jurisdiction in which the author is not admitted to practice law (i.e., jurisdictions other than Connecticut, Massachusetts, and various federal courts).