Linn Foster Freedman

Linn Foster Freedman

Linn Freedman practices in data privacy and security law, and complex litigation. She is a member of the Business Litigation Group and chair’s the firm’s Data Privacy and Security Team. She currently serves as general counsel to the Rhode Island Quality Institute. Linn focuses her practice on compliance with all state and federal privacy and security laws and regulations, as well as emergency data breach response and mitigation. She counsels clients on state and federal data privacy and security investigations and data breaches. Prior to joining the firm, Linn was a partner at Nixon Peabody, where she served as leader of the firm’s Privacy & Data Protection Group. She also served as assistant attorney general and deputy chief of the Civil Division of the Attorney General’s Office for the State of Rhode Island. She earned her J.D. from Loyola University School of Law and her B.A., with honors, in American Studies from Newcomb College of Tulane University. She is admitted to practice law in Massachusetts and Rhode Island. Read her full rc.com bio here.

Subscribe to all posts by Linn Foster Freedman

DHS Warns Businesses of Risk of Iranian-Backed Wiper Malware Attacks

The tension with Iran has generally increased, and it has been reported that the U.S. has launched a cyber-attack against Iran. In retaliation, the risk of Iranian-backed wiper malware attacks against U.S. businesses and government agencies has increased, according to the Department of Homeland Security (DHS). DHS recently issued a warning to U.S. businesses to … Continue Reading

Florida Municipalities Getting Hammered with Ransomware

Security researchers have warned municipalities repeatedly about how they are being targeted with ransomware, that they are at high risk, and the need to make data security a high priority. Municipalities are unfortunately only taking heed now that recent ransomware campaigns are in the news and bringing some municipalities to their knees [view related posts … Continue Reading

A Value Add to Employee Security Education: Mobile Apps

While we have been talking about the very important message of educating employees about data security, I find that giving employees tips about their personal data security keeps them interested and engaged during education sessions. It is surprising how little people in general, and employees specifically, know about their personal devices and the security of … Continue Reading

Privacy Tip #196 – Free Credit Monitoring for Active Duty Military and National Guard Personnel

Part of the 2018 Economic Growth, Regulatory Relief, and Consumer Protection Act (which amended the Fair Credit Reporting Act) included a provision requiring credit reporting agencies (CRAs) to provide free electronic credit monitoring services to active duty military personnel. CRAs are required by law to notify active duty military consumers about any “material” additions or … Continue Reading

Customs + Border Patrol Vendor’s Network Compromises Images and License Plate Data

The United States Customs and Border Patrol (CBP) admitted last week that personal information that it collected from travelers crossing the U.S. borders was exposed in a “malicious cyber-attack” against one of its vendors. It is being reported that one of CBP’s subcontractors “illegally transferred” to its internal network almost 100,000 photographic images of travelers … Continue Reading

Privacy Tip #195 – Evite Announces Breach of Account Information of 10 Million Users

If you use Evite for e-invitations or social planning purposes, be aware that it announced last week that the account information for up to 10 million users has been compromised and is for sale on the Dark Web. According to Evite, the information compromised included users’ names, usernames, passwords, dates of birth, telephone numbers, mailing … Continue Reading

NCCoE Seeks Comment from Manufacturing Sector for Industrial Control Systems

Protection of industrial control systems is crucial to the security of our country. The National Cybersecurity Center of Excellence (NCCoE) has announced a project for which it is seeking comment: Detecting and Protecting Against Data Integrity Attacks in Industrial Control System (ICS) Environments. The project scope is to assist manufacturing organizations in taking a comprehensive … Continue Reading

Employers and Wellness Plans: Questions about Quest Breach?

Last week, we wrote that Quest Diagnostics reported in a security filing that a collection agency performing collections for the company had suffered an intrusion that exposed almost 12 million individuals’ personal and financial information [view related post]. Another lab company reported days later that it was notified that the information of 8 million of … Continue Reading

Privacy Tip #194 – NSA Issues Alert to Microsoft Windows Users

Many individuals and not-for-profit organizations, including those in the health care industry, believe that they do not have the resources to update to the newest versions of software. However, the newest versions are introduced by manufacturers to patch older versions that have known security flaws and vulnerabilities. Microsoft Windows users have been warned repeatedly over … Continue Reading

Quest Diagnostics Reports Data Breach Affecting 11.9M Patients in Securities Filing

Another day in the healthc are industry, another big data breach. This week, Quest Diagnostics announced in a security filing with the Securities and Exchange Commission, that a collection agency vendor that it uses for collection services notified it that for eight months, an unauthorized user had access to Quest patients’ records, including credit card … Continue Reading

CCPA Update

We have been watching all of the activity around the proposed amendments to the California Consumer Privacy Act (CCPA) to see where the law settles to assist with compliance. Not surprisingly, but nonetheless important to know, is the fact that the California Assembly on May 29, 2019, unanimously passed an amendment to CCPA that excludes … Continue Reading

Health Care and Manufacturing Industries Still Threatened by WannaCry

Although many thought that WannaCry was in the rear view mirror, a recent report by Artemis, based on client experience, found that health care organizations and manufacturing companies are still being hit with the ransomware that affected hundreds of thousands of machines in 2017. According to the report, 40 percent of Artemis’ health care clients … Continue Reading

Questions to Consider Asking Your Broker About Cyberliability Coverage

One of the first questions we ask our clients when they call about a security incident is whether they have insurance that may cover the costs associated with investigating the incident, potential forensic analysis, and coverage for a data breach. Sometimes the client will say “Yes, we have cyber coverage.” However, when reviewing the coverage … Continue Reading

Privacy Tip #192 – Combating Robocallers: California AG Hits Scam Telemarketers with $1.5M in Judgments

Like many of you, I don’t answer my cell phone unless the number pops up as someone I know, because a majority of the calls I get are spam or robocalls. It’s so frustrating. Although these calls are probably a violation of the Telephone Consumer Protection Act (TCPA), the Federal Trade Commission (FTC) – the … Continue Reading

Model Rule for Securities Administrators Approved by NASAA

The North American Securities Administrators Association (NASAA) this week approved an information security model rule package aimed at improving the cybersecurity posture of the 17,543 state-registered advisers. The proposed model would require state-registered investment advisers to establish written cybersecurity policies and procedures designed to safeguard clients’ records and information, and to deliver its privacy policy … Continue Reading

Fully Executed Contracts are Preferred

We have been involved in several situations lately with security incidents where we ask our clients for the final executed contract with the vendor that we believe caused the incident, but the contract that we receive has not been fully executed by both parties. Without getting into the legal implications of not having a fully … Continue Reading
LexBlog