Linn Foster Freedman

Linn Foster Freedman

Linn Freedman practices in data privacy and security law, and complex litigation. She is a member of the Business Litigation Group and chair’s the firm’s Data Privacy and Security Team. She currently serves as general counsel to the Rhode Island Quality Institute. Linn focuses her practice on compliance with all state and federal privacy and security laws and regulations, as well as emergency data breach response and mitigation. She counsels clients on state and federal data privacy and security investigations and data breaches. Prior to joining the firm, Linn was a partner at Nixon Peabody, where she served as leader of the firm’s Privacy & Data Protection Group. She also served as assistant attorney general and deputy chief of the Civil Division of the Attorney General’s Office for the State of Rhode Island. She earned her J.D. from Loyola University School of Law and her B.A., with honors, in American Studies from Newcomb College of Tulane University. She is admitted to practice law in Massachusetts and Rhode Island. Read her full rc.com bio here.

Subscribe to all posts by Linn Foster Freedman

NCCoE Seeks Comment from Manufacturing Sector for Industrial Control Systems

Protection of industrial control systems is crucial to the security of our country. The National Cybersecurity Center of Excellence (NCCoE) has announced a project for which it is seeking comment: Detecting and Protecting Against Data Integrity Attacks in Industrial Control System (ICS) Environments. The project scope is to assist manufacturing organizations in taking a comprehensive … Continue Reading

Employers and Wellness Plans: Questions about Quest Breach?

Last week, we wrote that Quest Diagnostics reported in a security filing that a collection agency performing collections for the company had suffered an intrusion that exposed almost 12 million individuals’ personal and financial information [view related post]. Another lab company reported days later that it was notified that the information of 8 million of … Continue Reading

Privacy Tip #194 – NSA Issues Alert to Microsoft Windows Users

Many individuals and not-for-profit organizations, including those in the health care industry, believe that they do not have the resources to update to the newest versions of software. However, the newest versions are introduced by manufacturers to patch older versions that have known security flaws and vulnerabilities. Microsoft Windows users have been warned repeatedly over … Continue Reading

Quest Diagnostics Reports Data Breach Affecting 11.9M Patients in Securities Filing

Another day in the healthc are industry, another big data breach. This week, Quest Diagnostics announced in a security filing with the Securities and Exchange Commission, that a collection agency vendor that it uses for collection services notified it that for eight months, an unauthorized user had access to Quest patients’ records, including credit card … Continue Reading

CCPA Update

We have been watching all of the activity around the proposed amendments to the California Consumer Privacy Act (CCPA) to see where the law settles to assist with compliance. Not surprisingly, but nonetheless important to know, is the fact that the California Assembly on May 29, 2019, unanimously passed an amendment to CCPA that excludes … Continue Reading

Health Care and Manufacturing Industries Still Threatened by WannaCry

Although many thought that WannaCry was in the rear view mirror, a recent report by Artemis, based on client experience, found that health care organizations and manufacturing companies are still being hit with the ransomware that affected hundreds of thousands of machines in 2017. According to the report, 40 percent of Artemis’ health care clients … Continue Reading

Questions to Consider Asking Your Broker About Cyberliability Coverage

One of the first questions we ask our clients when they call about a security incident is whether they have insurance that may cover the costs associated with investigating the incident, potential forensic analysis, and coverage for a data breach. Sometimes the client will say “Yes, we have cyber coverage.” However, when reviewing the coverage … Continue Reading

Privacy Tip #192 – Combating Robocallers: California AG Hits Scam Telemarketers with $1.5M in Judgments

Like many of you, I don’t answer my cell phone unless the number pops up as someone I know, because a majority of the calls I get are spam or robocalls. It’s so frustrating. Although these calls are probably a violation of the Telephone Consumer Protection Act (TCPA), the Federal Trade Commission (FTC) – the … Continue Reading

Model Rule for Securities Administrators Approved by NASAA

The North American Securities Administrators Association (NASAA) this week approved an information security model rule package aimed at improving the cybersecurity posture of the 17,543 state-registered advisers. The proposed model would require state-registered investment advisers to establish written cybersecurity policies and procedures designed to safeguard clients’ records and information, and to deliver its privacy policy … Continue Reading

Fully Executed Contracts are Preferred

We have been involved in several situations lately with security incidents where we ask our clients for the final executed contract with the vendor that we believe caused the incident, but the contract that we receive has not been fully executed by both parties. Without getting into the legal implications of not having a fully … Continue Reading

Privacy Tip #191 – Trying to Protect Your Medical Information—Let’s Ask Questions About Data Security

In the top three of the list of highly sensitive personal data to be concerned about is our medical information. It’s so sensitive because it is so personal. It used to be that our medical information was located in paper charts at our doctor’s office, the hospital, the pharmacy and our health insurer. Now it’s … Continue Reading

FBI Flash: Ryuk Ransomware Continues to Attack U.S. Businesses

According to a recent FBI Flash, Ryuk ransomware has hit more than 100 U.S. companies since August 2018, with a “disproportionate impact on logistics companies, technology companies, and small municipalities.” The Flash, “provided in order to help cyber security professionals and system administrators to guard against the persistent malicious actions of cyber criminals,” seeks information … Continue Reading

Tech Company Execs Sweat Personal Liability for Privacy Violations

In the Privacy Law classes I teach in the Brown University Executive Masters of Cybersecurity and at Roger Williams University School of Law, we discuss the enforcement authority that the Federal Trade Commission (FTC), the Office for Civil Rights (OCR) and other federal and state agencies have over data privacy and security, including how effective … Continue Reading

Privacy Tip #190 – Internet of Medical Things (IoMT)

These days, pretty much everyone is aware of potential security incidents and the risks involved with Internet of Things (IoT) devices because security was not built into the device during the manufacturing process, but there is less awareness of the risks associated with the Internet of Medical Things (IoMT). Just like IoT devices, such as … Continue Reading

Hotel Chain Hit with Class Action Alleging “Misuse” of Biometric Data

Hotel chain Fillmore Hospitality, LLC is the latest target of a proposed class action complaint filed this week, alleging violation of the Illinois Biometric Information Privacy Act (BIPA). We don’t usually discuss the specific allegations in BIPA cases, but since they continue to populate the litigation landscape, we thought it would be instructive to take … Continue Reading

City of Baltimore Shuts Down Servers Following Ransomware Attack

Another city, another ransomware attack. Cities and municipalities continue to be targeted with ransomware campaigns. Fortunately, in this case, essential services such as fire, police, Emergency Medical Services and 311 service were still operational despite the attack. According to a tweet by Mayor Bernard Young, Baltimore shut down its servers in response to the ransomware … Continue Reading

Phishing Continues to Be Seen as Biggest Cybersecurity Threat to Companies

According to a recent survey of cybersecurity professionals by AT&T Cybersecurity entitled “Confidence: the perception and reality of cybersecurity threats,” phishing and cloud security threats are keeping them up at night. The survey polled 733 cybersecurity professionals attending the RSA conference and asked the respondents about what they perceive to be the biggest internal and … Continue Reading

Limitation of Liability

I continuously confront vendors who say I am “the only” lawyer who objects to limitation of liability provisions that attempt to limit the liability of a security incident to the amount of the contract. That is very hard for me to believe. The value of the contract has no relevance to the actual damages and … Continue Reading
LexBlog