Linn Foster Freedman

Linn Freedman practices in data privacy and security law, and complex litigation. She is a member of the Business Litigation Group and chair’s the firm’s Data Privacy and Security Team. She currently serves as general counsel to the Rhode Island Quality Institute. Linn focuses her practice on compliance with all state and federal privacy and security laws and regulations, as well as emergency data breach response and mitigation. She counsels clients on state and federal data privacy and security investigations and data breaches. Prior to joining the firm, Linn was a partner at Nixon Peabody, where she served as leader of the firm’s Privacy & Data Protection Group. She also served as assistant attorney general and deputy chief of the Civil Division of the Attorney General’s Office for the State of Rhode Island. She earned her J.D. from Loyola University School of Law and her B.A., with honors, in American Studies from Newcomb College of Tulane University. She is admitted to practice law in Massachusetts and Rhode Island. Read her full rc.com bio here.

Subscribe to all posts by Linn Foster Freedman

SEC Report Cautions Companies to Consider Cyber Threats with Internal Controls

By Linn Foster Freedman on October 18, 2018 Posted in Cybersecurity

The Securities and Exchange Commission (SEC) this week issued an investigative report that outlined cyber incidents that nine public companies had experienced, causing fraudulent losses totaling more than $100 million. The conclusion of the report is that public companies “should consider cyber threats when implementing internal controls.” The investigations focused on business email compromises where … Continue Reading

Anthem Settles with OCR for $16M for 2015 Data Breach

By Linn Foster Freedman on October 18, 2018 Posted in Health Information Privacy, HIPAA and Health Information

The Department of Health and Human Services Office for Civil Rights (OCR) announced this week that it has settled the largest health care data breach for the largest enforcement fine in history. OCR settled the massive data breach Anthem suffered in 2015 for $16 million—a substantially larger fine than any others assessed by OCR for … Continue Reading

Office 365 Migration

By Linn Foster Freedman on October 18, 2018 Posted in New + Now

Many companies are migrating their email systems to Microsoft Office 365 (O365). The majority of security incidents in which we have been engaged in over the past six months involve a hacker successfully phishing an employee of the company (most of the time someone who is an executive in the company) and then spoofing the … Continue Reading

Privacy Tip #161 – FTC Launches “Data Spotlight”

By Linn Foster Freedman on October 18, 2018 Posted in Privacy Tips

The Federal Trade Commission (FTC) announced yesterday that it will release on a quarterly basis instead of annually an aggregated report of all of the consumer complaints lodged by individuals . The goal is to provide more up-to-date information about what consumers are experiencing so others can learn from them and protect themselves from becoming … Continue Reading

Consumers Mixed on Retailers’ Use of Facial Recognition Technology

By Linn Foster Freedman on October 12, 2018 Posted in Cybersecurity

Many consumers are unaware that retailers use facial recognition technology in retail stores to monitor shoppers and prevent shoplifting. Consumers see cameras in retail stores and assume it is to monitor for shoplifting and theft, but many are unaware that facial recognition technology is used so their actual identity can be determined while they are … Continue Reading

Website ADA Lawsuits

By Linn Foster Freedman on October 12, 2018 Posted in New + Now, Telephone Consumer Protection Act

One of our clients told us this week that he loves to read the blog and Insider, but that he would really appreciate it if we would point out some hot compliance tips so when he scans the Insider he can see hot button topics that he should be aware of that he might not … Continue Reading

Privacy Tip #160 – In the Near Future: Taking Control of Your Data

By Linn Foster Freedman on October 12, 2018 Posted in Privacy Tips

I often hear people say that they have no control of their data, that their data is being monetized by big companies, that they don’t know what those companies are doing with their data, that they are frustrated when they receive notification that their data has been compromised, and they didn’t even know that company … Continue Reading

FTC Settles with Four Companies over Privacy Shield Certification

By Linn Foster Freedman on October 11, 2018 Posted in Enforcement & Litigation

In the wake of the determination by the European Commission that the EU-US Safe Harbor Framework was insufficient to protect EU citizens’ personal information, the Privacy Shield Framework was implemented by the Department of Commerce. Companies who apply for Privacy Shield certification are required to file an application, which requires the companies to attest to … Continue Reading

FDA Announces Playbook for Medical Device Cybersecurity

By Linn Foster Freedman on October 4, 2018 Posted in Cybersecurity

On October 1, 2018, the Food and Drug Administration (FDA) issued its “Medical Device Cybersecurity Regional Incident Preparedness and Response Playbook” to address continued threats to medical devices that could affect patient safety. The 32 page playbook, developed by MITRE Corp., states that “the purpose of the playbook is to serve as a tool for … Continue Reading

Sunrun Settles Robocall Suit for $5.5 Million

By Linn Foster Freedman on October 4, 2018 Posted in Enforcement & Litigation

Although it denies liability or wrongdoing, Sunrun Inc. has agreed to pay $5.5 million to settle a potential class action case alleging it of calling numbers on the Do Not Call Registry. Sunrun, a solar company, is alleged to have made unsolicited, automatic, pre-recorded voice calls to people on the Do Not Call Registry and … Continue Reading

Privacy Tip #159 – Consider Risks When Using Facebook and Other Social Media Platforms

By Linn Foster Freedman on October 4, 2018 Posted in Privacy Tips, Social Media

Facebook announced late last week that it had suffered the largest breach in its history with 50 million accounts were compromised, and another 40 million accounts affected. Yes, that equals 90 million accounts. If you use Facebook and were locked out of your account over the weekend, your account was most likely affected. The 50 … Continue Reading

California Tackles IoT Security with New Bill

By Linn Foster Freedman on September 27, 2018 Posted in Cybersecurity

The State of California is once again leading the way with trying to keep up with technology and protecting consumers. Senate Bill 327 requires Internet of Things (IoT) developers to implement “reasonable security features” in IoT products, such as baby monitors, televisions, automobiles, home appliances, fitness monitors, home security systems, and the like. This is … Continue Reading

Two More Companies Sued Under Illinois Biometric Law

By Linn Foster Freedman on September 27, 2018 Posted in Enforcement & Litigation

Two more companies are under fire for alleged violations of the Illinois Biometric Information Privacy Act (BIPA). Loews Hotel in Chicago was recently sued in the Circuit Court of Cook County for allegedly violating BIPA by collecting employees’ biometric information and sharing it with third parties without the employees’ consent. According to the suit against … Continue Reading

Uber Settles Data Breach Case With All 50 State AGs for $148 Million

By Linn Foster Freedman on September 27, 2018 Posted in Data Breach

Yesterday (September 26, 2018), Uber Technologies Inc. agreed to finish inquiries of all 50 states of its 2016 data breach by paying $148 million in different amounts to all 50 states and the District of Columbia. The settlement concludes the investigations into the data breach, which occurred in 2016 when hackers absconded with the personal … Continue Reading

Privacy Tip #158 – IoT Passwords

By Linn Foster Freedman on September 27, 2018 Posted in Internet of Things, Privacy Tips

California lawmakers have taken the lead in trying to address privacy and security issues with Internet of Things (IoT) devices (which we have been writing about for years), by passing the country’s first IoT security bill, which is now headed to Governor Brown’s desk for signature by September 30. One of the issues addressed by … Continue Reading

Schneider Electric USBs Infected with Malware

By Linn Foster Freedman on September 20, 2018 Posted in Cybersecurity

Schneider Electric recently issued a consumer warning that it mistakenly shipped USB drives to its customers that were infected with malware. Schneider Electric stated in its alert that “Schneider Electric has determine that some USB removable media shipped with [two products] were contaminated with malware during manufacturing by one of our suppliers.” According to the … Continue Reading

Ohio Passes Law Providing Safe Harbor for Businesses Suffering Data Breach

By Linn Foster Freedman on September 20, 2018 Posted in Data Breach

The Ohio legislature recently passed S.B. 220, which gives businesses that suffer a data breach an affirmative defense against tort claims brought in class action suits. The law goes into effect on November 2, 2018. Basically, the law gives the business a safe harbor if the business implements and complies with “a recognized cybersecurity framework.” … Continue Reading

Yahoo! Data Breach Estimated to Cost Successor Company Net $47 Million

By Linn Foster Freedman on September 20, 2018 Posted in Data Breach

Altaba Inc., the successor company of Yahoo Inc., recently noted in a filing with the Securities and Exchange Commission that after its settlement of consumer and shareholder suits relating to Yahoo’s data breach that affected all 3 million of its users, it will have paid a net $47 million in expenses. This estimate is based … Continue Reading

Choice Hotels Sued for Failing to Provide Information about Accessibility to Users

By Linn Foster Freedman on September 20, 2018 Posted in Enforcement & Litigation

Choice Hotels International Inc., was recently sued for failing to provide disabled users with information about its rooms’ and grounds’ accessibility. The suit, referencing the Comfort Inn in Gainesville, Florida, states that the hotel’s online reservation system fails to provide users with information about the accessible features for those using wheelchairs or canes. According to … Continue Reading

Privacy Tip #157 – Protect Yourself From Utility Scams

By Linn Foster Freedman on September 20, 2018 Posted in Privacy Tips

The recent tragedy with gas customers in Massachusetts has everyone focused on their utilities. Which makes it a perfect time for scam artists to take advantage of worried customers—both individuals and small businesses. One scam making headway is when a fraudster calls a customer over the telephone telling them that their water, electricity or gas … Continue Reading

HHS Issues Limited Waiver Following Hurricane Florence

By Linn Foster Freedman on September 14, 2018 Posted in HIPAA and Health Information

As Hurricane Florence was making landfall, Department of Health and Human Services Secretary Alex Azar issued HIPAA guidance that outlined when hospitals in declared state of emergency areas can qualify for a waiver of certain provisions of the HIPAA Privacy Rule, including fines and penalties. According to the guidance, “the HIPAA Privacy Rule allows patient … Continue Reading

Vicious Kronos Variant Osiris Malware Recently Released and Proving Dangerous

By Linn Foster Freedman on September 13, 2018 Posted in Cybersecurity

We all remember Kronos—the malicious malware that was sold by Russian underground forums in 2014 for $7,000. If you bought it, you were promised updates and development of new modules. The Kronos developers recently released a new update (dubbed Osiris), which is presently attacking individuals in Germany, Japan, and Poland, with the U.S. in the … Continue Reading

July Worst Month in 2018 for Health Care Data Breaches Reported to OCR

By Linn Foster Freedman on September 13, 2018 Posted in HIPAA and Health Information

Data breaches continue to plague the health care industry, and July 2018 was the worst month so far this year in the number of data breaches reported to the Office for Civil Rights (OCR). Thirty-three data breaches were reported by covered entities and business associates in July, with the largest one reported by UnityPoint Health, … Continue Reading

This Blog/Website is made available by the lawyer or law firm publisher for educational purposes only as well as to give you general information and a general understanding of the law, not to provide specific legal advice. By using this blog site you understand that there is no attorney client relationship between you and the Blog/Website publisher. The Blog/Website should not be used as a substitute for competent legal advice from a licensed professional attorney in your state. Any opinions expressed on this Blog/Website are opinions only of the author, expressed at the time the material is written based on information available to the author at that time, and are not opinions of the author's law firm or any of the author's or the law firm's clients. This Blog/Website is not intended to be attorney advertising. To the extent it might be deemed to be attorney advertising, it should not be considered advertising or to be seeking legal work in any jurisdiction in which the author is not admitted to practice law (i.e., jurisdictions other than Connecticut, Massachusetts, and various federal courts).