Photo of Linn Foster Freedman

Linn Freedman practices in data privacy and security law, cybersecurity, and complex litigation. She is a member of the Business Litigation Group and the Financial Services Cyber-Compliance Team, and chair’s the firm’s Data Privacy and Security Team. Linn focuses her practice on compliance with all state and federal privacy and security laws and regulations. She counsels a range of public and private clients from industries such as construction, education, health care, insurance, manufacturing, real estate, utilities and critical infrastructure, marine and charitable organizations, on state and federal data privacy and security investigations, as well as emergency data breach response and mitigation. Linn is an Adjunct Professor of the Practice of Cybersecurity at Brown University and an Adjunct Professor of Law at Roger Williams University School of Law.  Prior to joining the firm, Linn served as assistant attorney general and deputy chief of the Civil Division of the Attorney General’s Office for the State of Rhode Island. She earned her J.D. from Loyola University School of Law and her B.A., with honors, in American Studies from Newcomb College of Tulane University. She is admitted to practice law in Massachusetts and Rhode Island. Read her full rc.com bio here.

According to cybersecurity researchers at Bishop Fox, “hundreds of thousands” of FortiGate firewalls have not been patched against a known vulnerability and are at risk of being attacked by threat actors using the unpatched vulnerability.

TechRadar is reporting that the firewalls are vulnerable to CVE-2023-27997, and a patch has been issued by Fortinet to address

The Rhode Island General Assembly amended the state’s data breach law, known as the Rhode Island Identity Theft Protection Act (Act) that makes significant changes to notification requirements for state and municipal agencies in the event of a data breach.

The Act requires state agencies and municipalities to notify the State Police of an incident

BNSF Railway, previously hit with a $228 million jury award for violating the Illinois Biometric Information Privacy Act (BIPA) when collecting fingerprints of employees, was recently awarded a new trial to determine damages. Although many cases alleging violations of BIPA have previously been settled, this case was the first to go to trial.

The jury

CISA and FBI have issued a joint advisory on the MOVEit transfer vulnerability that should be on the radar of CISOs and IT professionals. The CLOP ransomware organization has been reportedly exploiting an SQL injection vulnerability in the MOVEit solution. According to the joint advisory, “Internet-facing MOVEit Transfer web applications were infected with a web

Montana Governor Greg Gianforte has signed SB 351, the Genetic Information Privacy Act (GINA), which “requires an entity to provide consumer information regarding the collection, use, and disclosure of genetic data; providing for limitations and exclusions; providing for enforcement authority; and providing definitions.”

GINA requires entities that collect genetic data, defined as:

any data, regardless

EyeMed Vision Care, LLC has agreed to settle allegations lodged against it by four state Attorneys General for $2.5 million stemming from a data breach that occurred in 2020 and effected 2.1 million people.

The settlement is with the AGs of Florida, New Jersey, Oregon, and Pennsylvania. The breach occurred when threat actors infiltrated EyeMed’s

On May 16, 2023, the Cybersecurity & Infrastructure Security Agency (CISA) released three advisories applicable to Industrial Control Systems (ICS). The Alerts cover vulnerabilities of Snap One OvrC Cloud, Rockwell ArmorStart, and Rockwell Automation Factory Talk Vantagepoint.  

The Snap One vulnerabilities, if exploited, “could allow an attacker to impersonate and claim devices, execute arbitrary