Linn Foster Freedman

Linn Foster Freedman

Linn Freedman practices in data privacy and security law, and complex litigation. She is a member of the Business Litigation Group and chair’s the firm’s Data Privacy and Security Team. She currently serves as general counsel to the Rhode Island Quality Institute. Linn focuses her practice on compliance with all state and federal privacy and security laws and regulations, as well as emergency data breach response and mitigation. She counsels clients on state and federal data privacy and security investigations and data breaches. Prior to joining the firm, Linn was a partner at Nixon Peabody, where she served as leader of the firm’s Privacy & Data Protection Group. She also served as assistant attorney general and deputy chief of the Civil Division of the Attorney General’s Office for the State of Rhode Island. She earned her J.D. from Loyola University School of Law and her B.A., with honors, in American Studies from Newcomb College of Tulane University. She is admitted to practice law in Massachusetts and Rhode Island. Read her full rc.com bio here.

Subscribe to all posts by Linn Foster Freedman

Almost Entire Ecuadorian Population Affected by Massive Data Breach

The Ecuadorian Ministry of Telecommunications and Information Security has announced an investigation into data analytics company Novaestrat after news broke this week that the company left an Elasticsearch server open without any password protection, allowing open access to the data. According to officials, Novaestrat was not supposed to have the data in the first place. … Continue Reading

Keep Privacy Shield Certification on the Radar Screen

After all of the GDPR compliance assessments, implementation and hullaballoo in the last year or so, many companies chose to certify that they are compliant with the EU-U.S. Privacy Shield framework rather than implementing a full-blown GDPR compliance program. To attain Privacy Shield certification, companies must submit an application and certify that when consumer data … Continue Reading

Privacy Tip #206 – Be Mindful of Calendar Invites—They Can Contain Spam

Spam is invading all aspects of our online life, and of late, even our online calendars. I hadn’t thought about embedded malware in calendar invites until I read an informative krebsonsecurity.com blog article this week. I think this is something everyone should know about and be mindful of when receiving calendar invites. Calendar invites are … Continue Reading

Colleges and Universities at Risk for Cyber-Attacks as School Year Starts

It’s a busy time for colleges and universities as the fall semester starts and campuses are bustling with activity. It’s also the perfect time for cyber criminals to create mayhem for institutions of higher education with a cyber-attack. That is exactly what happened to Regis University in Denver, Colorado. The university had to shut down … Continue Reading

Privacy Tip #205 – MoviePass Subscribers’ Card, Debit and Credit Card Information Exposed

There are a numerous subscription based services available to consumers that allow us to provide our debit or credit card numbers to obtain a subscription for services. Providing a debit or credit card number for these services for an automatic charge means that the company has your number and it can be exposed, putting you … Continue Reading

Twenty-three Texas Municipalities Crushed by Coordinated Ransomware Attack

We have definitely seen an uptick in the number of ransomware attacks against municipalities around the country. Thus far, the attacks have been against single cities, towns, and court systems, and recently against a Louisiana school system. The pace and coordination of these attacks have magnified, as evidenced by the coordinated and simultaneous ransomware attacks this … Continue Reading

Choice Hotels Contacts 700,000 Customers About Data Breach Caused by Vendor

In another example of a data breach allegedly caused by a vendor, Choice Hotels is contacting approximately 700,000 of its customers regarding a data breach caused by a third-party vendor that “copied the impacted data from our environment without authorization” to its server. While the data was being transferred to the third-party vendor’s server, it … Continue Reading

Initial Coin Offerings (ICOs) on SEC’s Radar

This month, the Securities and Exchange Commission (SEC) announced that it has entered into a settlement with SimplyVital Health, Inc., a blockchain company that offered and sold approximately $6.3 million worth of securities to the public. The SEC alleged that the plan to conduct an initial coin offering (ICO) to raise money to develop a … Continue Reading

Security Researchers Find Biometric Data on 28 Million Records Is Exposed

It was reported this week by The Guardian and Forbes that security researchers from Vpnmentor have discovered and published a report that Suprema, a company that collects and monitors biometric information such as fingerprints and facial recognition data, has left exposed the biometric information of 28 million records and 23 gigabytes of data insecure. Suprema … Continue Reading

Privacy Tip #203 – Cryptocurrency Woes

As cryptocurrency becomes more popular with investors, CipherTrace recently issued its Q2 2019 Cryptocurrency Anti-Money Laundering Report, which finds that “[O]utright thefts as well as scams and other misappropriation of funds from cryptocurrency users and exchanges continued apace, netting criminals and fraudsters approximately $4.26 billion in aggregate for 2019.” Yikes—that’s billion with a “b”. The … Continue Reading

Delta Sues Vendor for Causing Data Breach

In an unusual move, Delta Airlines (Delta) sued one of its vendors last week for the data breach it experienced in 2017. It’s an unusual move for several reasons. First, in our experience when a vendor causes a data breach, there is usually a contractual provision that can be followed that outlines the responsibility of … Continue Reading

New Threat to Companies: Warshipping

It is so hard to keep up with the latest ways the bad guys try to infiltrate company data. One new technique is called warshipping, and its implementation is pretty simple and a little old school. IBM X-Force Red investigated the technique to give its customers an idea of the newest threats to enterprise systems. … Continue Reading

Clever Call Center Concept

My husband was recently booking some travel for us and had an interesting experience that he thought was worth sharing. While he was providing his credit card number to the person who was assisting with the booking, that person told him before he gave the credit card number and CVV number to wait a moment, … Continue Reading

New Hampshire Enacts Insurance Data Security Law

New Hampshire Governor Chris Sununu recently signed the New Hampshire Insurance Data Security Law, which “establishes the exclusive state standards applicable to licensees for data security, the investigation of a cybersecurity event…, and notification to the commissioner.” The law is applicable to all persons or entities licensed, authorized to operate, registered or required to be … Continue Reading
LexBlog