Linn Foster Freedman

Linn Foster Freedman

Linn Freedman practices in data privacy and security law, and complex litigation. She is a member of the Business Litigation Group and chair’s the firm’s Data Privacy and Security Team. She currently serves as general counsel to the Rhode Island Quality Institute. Linn focuses her practice on compliance with all state and federal privacy and security laws and regulations, as well as emergency data breach response and mitigation. She counsels clients on state and federal data privacy and security investigations and data breaches. Prior to joining the firm, Linn was a partner at Nixon Peabody, where she served as leader of the firm’s Privacy & Data Protection Group. She also served as assistant attorney general and deputy chief of the Civil Division of the Attorney General’s Office for the State of Rhode Island. She earned her J.D. from Loyola University School of Law and her B.A., with honors, in American Studies from Newcomb College of Tulane University. She is admitted to practice law in Massachusetts and Rhode Island. Read her full rc.com bio here.

Subscribe to all posts by Linn Foster Freedman

CFPB Stops Collecting Personal Information in Light of Cybersecurity Concerns

The Consumer Financial Protection Bureau, one of the watchdogs of the financial services industry, has announced through Acting Director Mick Mulvaney, that it will no longer collect personal information of consumers due to cybersecurity concerns and in an effort to improve the CFPB’s cybersecurity program. According to Mulvaney, the Inspector General’s report this year about … Continue Reading

Privacy Tip #117 – How to Check to See if Your Personal Information is Being Sold On the Dark Web

People always ask me what hackers do when they are able to obtain our personal information, including our Social Security numbers. There are many things hackers use our information for, some of which include filing false tax returns in our name to obtain fraudulent tax refunds, opening up new credit card accounts and other credit … Continue Reading

Intel Bug Affects Millions of Devices

Intel has confirmed that a bug in its remote server management tool, known as Management Engine, which allows administrators of IT systems to remote access devices to apply updates or troubleshoot problems for users, allows unverified code to be run on Intel chipsets, so the intruder to gain control of devices. The Management Engine bug … Continue Reading

Cottage Health Pays $2M to CA AG for Data Breach

Cottage Health, a three hospital health care system located in California has agreed to pay the California Attorney General’s Office $2 million to settle allegations that it failed to implement data security safeguards to protect patients’ health information that was accessible online and indexed by search engines. In December 2013, it was discovered that one … Continue Reading

North Carolina DHS Notifies 6,000 of Data Breach of Drug Testing Information

The North Carolina Department of Health and Human Services has notified close to 6,000 individuals that a spreadsheet containing the names, Social Security numbers and test results for routine drug testing for employment, internships and volunteer opportunities was sent via an unencrypted email to a vendor in error. Misdirected emails are a frequent occurrence and … Continue Reading

Privacy Tip #116 – Insider Error or Threat Continue to Cause Data Breaches

You continue to hear that your employees are your biggest risk when it comes to causing a data breach. Recent incidents that we have been involved in that were caused by employee error include: lost or stolen unencrypted laptops, phones or removable media; downloading sensitive information onto thumb drives or USB drives and losing them; … Continue Reading

Pentagon Web Monitoring Data Exposed

Security researcher Chris Vickery has confirmed that web-monitoring data from the Department of Defense (DOD) was exposed through Amazon Web Services by the way the DOD configured access by authorized users. According to Vickery, anyone with a free AWS account had access to the DOD information, which included 1.8 billion internet posts that had been … Continue Reading

Locky Ransomware Variant Difficult to Detect

We previously warned readers about the Locky ransomware, which is potent and designed to use phishing emails to lure users to click on links and attachments, including pdfs. Now, researchers at Cylance have discovered that a new Locky variant, known as Diablo6, is a variant of Locky, but much more difficult to detect. According to … Continue Reading

Data Breach Costs an Average of $3.6 Million

There have been a myriad of research studies attempting to come up with the “cost” of a data breach. The most recent, released by AT&T, estimates that it costs organizations $3.6 million to recover from a data breach. The AT&T team surveyed 700 IT professionals in all industry sectors, and found that the biggest risks … Continue Reading

Privacy Tip #114 – Your Email May Have Been Hijacked and You Don’t Know It

A new study by Google, the University of California Berkeley and the International Computer Science Institute has concluded that email users are being threatened by massive credential theft and phishing schemes are the primary way hackers are stealing credentials. According to the study, phishing victims are 400 times more likely to have their email accounts … Continue Reading

CFPB Releases Principles for Financial Services Industry for Sharing Data

The Consumer Financial Protection Bureau(CFPB) recently issued principles for the access and disclosure of sensitive data in the financial services industry. The CFPB referred to the guidelines as principles instead of regulations so fintech and other firms can innovate while protecting consumers’ information, and give consumers the ability to consent to the sharing of information … Continue Reading

Maryland Data Breach Notification Law Updated: Effective 1/1/18

The Maryland Personal Information Protection Act has been updated and the new provisions are effective January 1, 2018. The new law expands the definition of personal information that is protected under the statute. Presently, the definition of personal information includes a Maryland resident’s first and last name or initial and last name along with: a … Continue Reading

OCR Clarifies Privacy Rule for Sharing PHI on Opioid Overdoses

In the wake of the national opioid overdose crisis, the Office for Civil Rights (OCR) has provided clarification on when covered entities are permitted to disclose patient information during opioid emergencies. The OCR commented that some health care providers believe that they must have the patient’s consent in order to share information with family members … Continue Reading
LexBlog