Linn Foster Freedman

Photo of Linn Foster Freedman

Linn Freedman practices in data privacy and security law, and complex litigation. She is a member of the Business Litigation Group and chair’s the firm’s Data Privacy and Security Team. She currently serves as general counsel to the Rhode Island Quality Institute. Linn focuses her practice on compliance with all state and federal privacy and security laws and regulations, as well as emergency data breach response and mitigation. She counsels clients on state and federal data privacy and security investigations and data breaches. Prior to joining the firm, Linn was a partner at Nixon Peabody, where she served as leader of the firm’s Privacy & Data Protection Group. She also served as assistant attorney general and deputy chief of the Civil Division of the Attorney General’s Office for the State of Rhode Island. She earned her J.D. from Loyola University School of Law and her B.A., with honors, in American Studies from Newcomb College of Tulane University. She is admitted to practice law in Massachusetts and Rhode Island. Read her full rc.com bio here.

Latest Articles

Cybercriminals have launched a new campaign that not only requires the victim to pay a ransom to have their data decrypted, but when the victim is directed to a PayPal account to pay the ransom to get the decryption key to unlock the data, the PayPal account page is fake and when the victim lands on the fake page, the criminals steal their account login credentials. On top of that, when the victim puts the…
A federal magistrate judge in California has ruled that law enforcement personnel may not require suspects to unlock their phones with biometric identifiers like a fingerprint, iris scan or facial recognition, saying the practice is unconstitutional. The decision followed the request for a search warrant in an extortion case. The prosecutors asked for an order to search digital devices in a residence and to require any individuals present in the residence to unlock the devices…
Although the Massachusetts Data Security Regulations went into effect March 1, 2010, I still find that many companies have not implemented a Written Information Security Program (WISP) and don’t know that they are required to do so. According to the regulations, any companies or persons who store or use personal information of a Massachusetts resident must develop and implement a WISP that outlines the measures the company is taking to protect the personal information of…
We previously cautioned that telephone companies sell customer data to third parties, including location data [view related posts here]. Last year, the telecom industry pledged to stop the practice after pressure by members of Congress. Earlier this month, Joseph Cox of Motherboard released I Gave a Bounty Hunter $300. Then He Located Our Phone and outlined how he gave the individual his phone number and the individual (called a bounty hunter) was able to…
Marriott International Inc. has released new numbers relating to its Starwood Hotel’s reservation database by stating that 5 million passport numbers were stolen in the database. After further investigation, Marriott states that the information for fewer than 383 million guests (as opposed to 500 million) were exposed. The data that was compromised of these guests include combinations of names, addresses, telephone numbers, email addresses passport numbers, Starwood Preferred Guest account information, gender, date of birth…
Neiman Marcus Group LLC has settled an investigation of its 2013 data breach with 43 states and the District of Columbia for $1.5 million. The data breach involved 370,000 credit cards, where 9,200 of the cards were used in a fraudulent manner [view related posts]. Illinois Attorney General Lisa Madigan, and Connecticut Attorney General George Jepsen led the investigation on behalf of the other AGs. As a result of the settlement, the AGs in…
A lawsuit filed late last week by Los Angeles City Attorney Michael Feuer alleges that TWC Product and Technology LLC (TWC), the company behind The Weather Company App, is collecting, disclosing, selling and monetizing users’ information without their consent. According to the lawsuit, the weather app tracks real time geolocation data on 45 million users and sells that data to third parties for commercial use, advertising and profit. The lawsuit alleges that the app tracks…
Just before the new year, the Department of Health and Human Resources (HHS) released voluntary cybersecurity practices for health care organizations, which consists of a main document, two technical volumes, and resources and templates that were compiled by more than 150 cybersecurity and health care experts. The publication, Health Industry Cybersecurity Practices: Managing Threats and Protecting Patients, took two years to complete, and was in response to requirements set forth in the Cybersecurity Act of…
Clearwater Compliance’s newest CyberIntelligence Insight Bulletin concludes that the top three cybersecurity risks for the health care industry, which accounts for 36.8% of reported critical risk incidents include: 1) user authentication deficiencies, including storing passwords in obvious places where others can find them such as on the computer monitor or under the keyboard, using generic user IDs and passwords that can be compromised and emailing user credentials unencrypted; 2) endpoint leakage; and 3) excessive user…
Dataresolution.net, a cloud hosting provider that reportedly supports over 30,000 businesses worldwide appears to be another recent victim of the Ryuk ransomware and is reportedly responding to the attack which occurred on Christmas Eve. It is being reported that the attack is from North Korea. The attack appeared to allow the attackers to gain control of Data Resolution’s data center domain and locked the company out of its system for a brief time. The company…