Linn Foster Freedman

Photo of Linn Foster Freedman

Linn Freedman practices in data privacy and security law, and complex litigation. She is a member of the Business Litigation Group and chair’s the firm’s Data Privacy and Security Team. She currently serves as general counsel to the Rhode Island Quality Institute. Linn focuses her practice on compliance with all state and federal privacy and security laws and regulations, as well as emergency data breach response and mitigation. She counsels clients on state and federal data privacy and security investigations and data breaches. Prior to joining the firm, Linn was a partner at Nixon Peabody, where she served as leader of the firm’s Privacy & Data Protection Group. She also served as assistant attorney general and deputy chief of the Civil Division of the Attorney General’s Office for the State of Rhode Island. She earned her J.D. from Loyola University School of Law and her B.A., with honors, in American Studies from Newcomb College of Tulane University. She is admitted to practice law in Massachusetts and Rhode Island. Read her full rc.com bio here.

Latest Articles

The Oregon Department of Human Services (DHS) announced late last week that nine of its staff members had fallen victim to a phishing campaign and that their email boxes were compromised on January 8, 2019. The intrusion was discovered on January 28, 2019. When the intrusion was discovered, the staff members’ changed their passwords to stop the access and an investigation commenced. Following the investigation, it was learned that over two million emails were involved,…
The headlines of hacking incidents against counties, cities and towns are racking up like the retail space was several years ago. The hackers have targeted state and municipalities to wreak their havoc. This week, Orange County, NC was hit with a ransomware attack that brought it to its knees. As a result of the attack, the entire county computer network was shut down, which meant that the Register of Deeds could not process real estate…
On the heels of working with clients on compliance with the European Union’s General Data Privacy Regulation (GDPR) and the rapidly evolving landscape of data privacy and security laws and regulations, the next hurdle to set compliance sights on for organizations is the California Consumer Privacy Act (CCPA). We have previously outlined the requirements of the CCPA in several posts [view related posts]. Now is the time to be thinking about, assessing and determining…
In the midst of unending robocalls, news of big tech companies collecting, using and monetizing consumers’ information, and hackers and scammers, we forget that anyone is doing anything to protect our privacy. Only somewhat comforting against that backdrop is the Federal Trade Commission’s (FTC) annual report on its privacy and security work, which was released last week. The 2018 Privacy and Data Security Update, outlines all of the enforcement actions the FTC concluded in…
Security researchers at Adversis have discovered that dozens of companies have inadvertently leaked corporate and customer data through their Box enterprise storage accounts because staff are sharing public links to their private corporate files. According to the researchers, data stored in Box enterprise accounts is private by default, but if users share the files or folders, the data can be publicly accessible. The researchers found that when they used a script to scan for Box…
Cities and towns continue to be a profitable target for successful ransomware attacks. As we previously reported [view related posts], the list of cities and towns getting hit with ransomware attacks continues to grow. Last week, Jackson County, Georgia admitted that it paid hackers $400,000 to obtain access to its information that was locked down by a ransomware attack. The ransomware attack locked agencies out of almost all of their systems, including the sheriff’s…
According to the 2019 Verizon Insider Threat Report, 20 percent of all cybersecurity incidents and 15 percent of data breaches in 2018 were caused by insiders—that is, employees or partner organizations. The reasons for these threats included financial gain (to use or sell company data to make money—47.8 percent), pure fun (23.4 percent) and espionage (14.4 percent). The report lists five categories of insider threat actors: The Careless Worker—who misappropriates resources, installs unauthorized apps…
In another round of warnings from the federal government on protecting yourself from tax return fraud and identity theft, the Internal Revenue Service (IRS) has issued its 2019 “Dirty Dozen” Campaign, designed to warn individuals about the most common tax-related phishing schemes that are focused on tax fraud and identity theft. During tax season, cyber criminals work around the clock to locate and dupe consumers into giving them information they need in order to file…
Cybersecurity company Carbon Black recently issued a report of the results of a survey of chief information security officers (CISOs) of financial organizations, which showed that the financial industry is getting hammered by more frequent and sophisticated cyber-attacks. Carbon Black partnered with Optiv to survey banks and financial institutions around the world. According to the survey, two-thirds of the CISOs in the financial sector who responded to the survey said there has been an increase…
During a dispute between parties, or in the middle of a security incident, is not the best time to determine whether you have sufficient contractual provisions in place with a customer or vendor. Lately, I have been asking clients these questions: “Do you have a contract in place and what does it say about ‘this?’” or “What are our obligations under our contract with the customer?” or “What does the vendor have to tell us…