Linn Foster Freedman

Linn Foster Freedman

Linn Freedman practices in data privacy and security law, and complex litigation. She is a member of the Business Litigation Group and chair’s the firm’s Data Privacy and Security Team. She currently serves as general counsel to the Rhode Island Quality Institute. Linn focuses her practice on compliance with all state and federal privacy and security laws and regulations, as well as emergency data breach response and mitigation. She counsels clients on state and federal data privacy and security investigations and data breaches. Prior to joining the firm, Linn was a partner at Nixon Peabody, where she served as leader of the firm’s Privacy & Data Protection Group. She also served as assistant attorney general and deputy chief of the Civil Division of the Attorney General’s Office for the State of Rhode Island. She earned her J.D. from Loyola University School of Law and her B.A., with honors, in American Studies from Newcomb College of Tulane University. She is admitted to practice law in Massachusetts and Rhode Island. Read her full rc.com bio here.

Subscribe to all posts by Linn Foster Freedman

Privacy Tip #162 – Cybersecurity Help for Small Businesses

Small businesses are targeted by hackers because they often do not have the resources to stay abreast of new schemes, or to protect against them with the latest technology or security solutions. Small businesses have historically struggled with data security, so any help is always welcome. Recognizing that small businesses struggle with data security, the … Continue Reading

SEC Report Cautions Companies to Consider Cyber Threats with Internal Controls

The Securities and Exchange Commission (SEC) this week issued an investigative report that outlined cyber incidents that nine public companies had experienced, causing fraudulent losses totaling more than $100 million. The conclusion of the report is that public companies “should consider cyber threats when implementing internal controls.” The investigations focused on business email compromises where … Continue Reading

Anthem Settles with OCR for $16M for 2015 Data Breach

The Department of Health and Human Services Office for Civil Rights (OCR) announced this week that it has settled the largest health care data breach for the largest enforcement fine in history. OCR settled the massive data breach Anthem suffered in 2015 for $16 million—a substantially larger fine than any others assessed by OCR for … Continue Reading

Office 365 Migration

Many companies are migrating their email systems to Microsoft Office 365 (O365). The majority of security incidents in which we have been engaged in over the past six months involve a hacker successfully phishing an employee of the company (most of the time someone who is an executive in the company) and then spoofing the … Continue Reading

Consumers Mixed on Retailers’ Use of Facial Recognition Technology

Many consumers are unaware that retailers use facial recognition technology in retail stores to monitor shoppers and prevent shoplifting. Consumers see cameras in retail stores and assume it is to monitor for shoplifting and theft, but many are unaware that facial recognition technology is used so their actual identity can be determined while they are … Continue Reading

FTC Settles with Four Companies over Privacy Shield Certification

In the wake of the determination by the European Commission that the EU-US Safe Harbor Framework was insufficient to protect EU citizens’ personal information, the Privacy Shield Framework was implemented by the Department of Commerce. Companies who apply for Privacy Shield certification are required to file an application, which requires the companies to attest to … Continue Reading

FDA Announces Playbook for Medical Device Cybersecurity

On October 1, 2018, the Food and Drug Administration (FDA) issued its “Medical Device Cybersecurity Regional Incident Preparedness and Response Playbook” to address continued threats to medical devices that could affect patient safety. The 32 page playbook, developed by MITRE Corp., states that “the purpose of the playbook is to serve as a tool for … Continue Reading

Hacker Hits Toyota Industries N.A.

Toyota Industries North America (TINA) has discovered that a hacker was able to access its corporate email system, compromising the personal and protected health information of approximately 19,000 individuals, apparently most of whom were employees. The data that was potentially compromised included health insurance information, names, addresses, dates of birth, financial information, Social Security numbers, … Continue Reading

Privacy Tip #159 – Consider Risks When Using Facebook and Other Social Media Platforms

Facebook announced late last week that it had suffered the largest breach in its history with 50 million accounts were compromised, and another 40 million accounts affected. Yes, that equals 90 million accounts. If you use Facebook and were locked out of your account over the weekend, your account was most likely affected. The 50 … Continue Reading

California Tackles IoT Security with New Bill

The State of California is once again leading the way with trying to keep up with technology and protecting consumers. Senate Bill 327 requires Internet of Things (IoT) developers to implement “reasonable security features” in IoT products, such as baby monitors, televisions, automobiles, home appliances, fitness monitors, home security systems, and the like. This is … Continue Reading

Two More Companies Sued Under Illinois Biometric Law

Two more companies are under fire for alleged violations of the Illinois Biometric Information Privacy Act (BIPA).  Loews Hotel in Chicago was recently sued in the Circuit Court of Cook County for allegedly violating BIPA by collecting employees’ biometric information and sharing it with third parties without the employees’ consent. According to the suit against … Continue Reading

Uber Settles Data Breach Case With All 50 State AGs for $148 Million

Yesterday (September 26, 2018), Uber Technologies Inc. agreed to finish inquiries of all 50 states of its 2016 data breach by paying $148 million in different amounts to all 50 states and the District of Columbia. The settlement concludes the investigations into the data breach, which occurred in 2016 when hackers absconded with the personal … Continue Reading

Schneider Electric USBs Infected with Malware

Schneider Electric recently issued a consumer warning that it mistakenly shipped USB drives to its customers that were infected with malware. Schneider Electric stated in its alert that “Schneider Electric has determine that some USB removable media shipped with [two products] were contaminated with malware during manufacturing by one of our suppliers.” According to the … Continue Reading

Ohio Passes Law Providing Safe Harbor for Businesses Suffering Data Breach

The Ohio legislature recently passed S.B. 220, which gives businesses that suffer a data breach an affirmative defense against tort claims brought in class action suits. The law goes into effect on November 2, 2018. Basically, the law gives the business a safe harbor if the business implements and complies with “a recognized cybersecurity framework.” … Continue Reading

Choice Hotels Sued for Failing to Provide Information about Accessibility to Users

Choice Hotels International Inc., was recently sued for failing to provide disabled users with information about its rooms’ and grounds’ accessibility. The suit, referencing the Comfort Inn in Gainesville, Florida, states that the hotel’s online reservation system fails to provide users with information about the accessible features for those using wheelchairs or canes. According to … Continue Reading

Privacy Tip #157 – Protect Yourself From Utility Scams

The recent tragedy with gas customers in Massachusetts has everyone focused on their utilities. Which makes it a perfect time for scam artists to take advantage of worried customers—both individuals and small businesses. One scam making headway is when a fraudster calls a customer over the telephone telling them that their water, electricity or gas … Continue Reading

HHS Issues Limited Waiver Following Hurricane Florence

As Hurricane Florence was making landfall, Department of Health and Human Services Secretary Alex Azar issued HIPAA guidance that outlined when hospitals in declared state of emergency areas can qualify for a waiver of certain provisions of the HIPAA Privacy Rule, including fines and penalties. According to the guidance, “the HIPAA Privacy Rule allows patient … Continue Reading

Vicious Kronos Variant Osiris Malware Recently Released and Proving Dangerous

We all remember Kronos—the malicious malware that was sold by Russian underground forums in 2014 for $7,000. If you bought it, you were promised updates and development of new modules. The Kronos developers recently released a new update (dubbed Osiris), which is presently attacking individuals in Germany, Japan, and Poland, with the U.S. in the … Continue Reading
LexBlog