Five Questions With: Linn F. Freedman

"It is really the wild, wild west, which makes it an exciting area to practice in."

Linn F. Freedman joined Robinson & Cole LLP in March, and is based in the firm’s Providence office where she heads its data privacy and security team. The team is comprised of lawyers and IT professionals with experience in data privacy and security issues. Freedman talked about the team and her role with Providence Business News.

PBN: Tell me about the data privacy and security team – why was it formed?
I was recruited by Robinson & Cole LLP to lead the team as a direct response to our clients’ increased needs for data privacy and security counseling. We have lawyers and technologists in the firm who have knowledge and experience in this area, and I have organized them into a team with different focus areas, so when a client has a need, we know who the right person is to jump in and can fill that client’s need immediately. We are expanding our capabilities so clients can rely on us to fill all of their needs. Companies in all industries are struggling to protect their data. As can be seen with the recent high profile data breaches, it is a high risk area that companies are trying to get a handle on to reduce their risk of exposure. The laws in this area are new and rapidly changing, so companies need counsel experienced in navigating this complex area of the law. Because Robinson & Cole LLP has a team in place that has years of knowledge and experience, we can help our clients with all of the challenges they face with compliance, emergency data breach response and proactively protecting their data.

PBN: Is this an area that is growing for the law industry?

FREEDMAN: I have been involved in data privacy and security law for the past 16 years, starting with the electronic transmission of health information across state lines, and this industry, mostly because of the explosion of the use of the Internet and the capabilities to collect and use big data, has grown dramatically. The law has not been able to keep up with technology, so we are using old laws and trying to retrofit them to be applicable to new technology. It is really the wild, wild west, which makes it an exciting area to practice in, but also a scary area as there isn’t a lot of precedence. We are watching the laws and cases very closely. I spend the first hour or two every day looking to see what the new law and cases are in this area from yesterday. There aren’t many areas of law that are changing so quickly.

- Advertisement -

PBN: How did this become an area of expertise for you?

FREEDMAN: I started in the data privacy and security area in 1999 when I was working at the attorney general’s office with Sheldon Whitehouse. At the time, I was responsible for health care policy and he convened health care stakeholders in Rhode Island to form the Rhode Island Quality Institute (RIQI), which developed one of the first five statewide health information exchanges in the country. After I left the AG’s office, I became general counsel for RIQI and together we grappled with many legal firsts relating to the safe sharing and exchanging of health information. Between 2003 and today, as the digital world blossomed, more and more laws were promulgated, and I became knowledgeable of the laws and gained experience as we helped clients navigate both federal and state laws applicable to data privacy and security. I have been practicing exclusively in this area ever since.

How can the team help clients – what are some of the main privacy/security issues clients are experiencing?

FREEDMAN: The most obvious assistance we provide is emergency data breach response. We assist clients with determining whether a breach has occurred, getting forensic teams in place as necessary, the legal responsibilities for notification of individuals and regulatory authorities, as well as assist with litigation following a breach and regulatory investigations by state and federal regulators. That is a big part of our practice. What we prefer to do is help companies map their high risk paper and electronic data, help them put policies, procedures and practices in place to protect the data, assist with regulatory compliance and put training in place to make sure employees are aware of how easy it is to make a mistake and cause the company a terrible situation. It is always more satisfying to help a client proactively than following a data breach, as a data breach is a very stressful experience for a client. I have so much sympathy for clients when they are going through that experience.

Some of the biggest compliance issues that we are helping clients with today are compliance with the Telephone Consumer Protection Act—which is a hotbed of class action litigation right now—and companies are unaware of their compliance obligations if their sales and marketing force wants to market to residential or cell phones; safe harbor compliance for global companies to transfer data to the U.S. from another country; compliance with data security laws in Massachusetts, California and the new requirements in Connecticut and Rhode Island; and vendor management. Companies also need to stay on top of compliance for their website and mobile apps, and we have a lot of activity in that area right now.

PBN: How do you help clients protect their data?

FREEDMAN: The process is called implementing an enterprise wide data privacy and security program. The first step is for a company to know where all of their high risk data is (paper and electronic) and to get a handle on who has access to it and how it is being used and transmitted. We have tools to assist clients with figuring that out. Then we assist with what I call “Fort Knoxing” the data. It is important for companies to complete a security risk assessment so they can figure out where their security gaps are. Then they can fill in each gap and work to protect the data going forward. We help put processes in place, get appropriate vendors in to assist, put an internal team in place that has responsibility to implement and update the program and train employees on the program. To me, training employees is one of the most important aspects of an effective program, because despite the recent cyber-hackings, employees are still a huge risk for companies when it comes to data protection. I love telling employees all of my real life stories from over the years—it makes it interesting and very effective —because they can’t believe some of the stories!

No posts to display