
PRIVACY & DATA PROTECTION

More than ever before, companies are faced with data privacy issues. Many countries have enacted privacy and data protection laws and regulations that impact the creation, management, and transfer of information—particularly, sources of information that contain personal data. While these requirements vary greatly from jurisdiction to jurisdiction and from industry to industry, the global trend has been towards stricter enforcement and the imposition of increasingly severe penalties for violations.

Addressing these overlapping requirements requires adopting a risk management approach to precisely frame the purpose and means for the collection, processing, and transfer of personal data throughout the organization. To assist our clients in meeting these challenges, Nixon Peabody has a global team of lawyers with extensive experience developing defensible—and reasonable—approaches to comply with these varied requirements. Our attorneys are experienced in a wide range of data security, online security, and privacy issues and have an in-depth knowledge of the state, federal, and international laws and regulations that surround these issues.

Data privacy services

Our comprehensive services include: privacy, security, and data protection; records and information management; health care privacy and compliance with the Health Insurance Portability and Accountability Act (HIPAA) and the Health Information Technology for Economic and Clinical Health Act (HITECH); employee privacy and social media; consumer privacy; and data security/data breach response.

We have advised clients in the following areas:

  • Developing written information security policies and procedures (WISPs) in compliance with the Massachusetts data regulations
  • Developing approaches to comply with various U.S. and international privacy requirements, including safe harbor application
  • Development of information privacy and security plans and policies
  • Compliance with U.S. and industry-specific privacy and data protection regulations
  • Development of HIPAA and HITECH policies, procedures, and employee awareness training
  • Data breach response, remediation, and coordination
  • Data breach litigation
  • Data breach investigations by the U.S. Office for Civil Rights
  • Data breach investigations by state regulatory authorities
  • Guidance regarding the privacy and data protection implications associated with the deployment of communication and data storage technologies
  • Audit and assessment of current data privacy and security policies and practices
  • Website privacy policies
  • Social media policies, practices, and procedures

Knowledgeable team

Our team includes experienced corporate and transactional lawyers, HIPAA and HITECH professionals, and intellectual property, trial, and regulatory attorneys. Nixon Peabody attorneys are knowledgeable about state data security laws and frequently publish and lecture on data privacy and security and breach response. One of our attorneys is a Certified Information Privacy Professional. Drawing upon experience across multiple industries and traditional practices (such as health care, intellectual property, and labor and employment), we can provide service in the many different areas that involve privacy and data security issues including:

  • Corporate information management governance
  • Consumer privacy
  • Employee privacy and social media in the workplace
  • Data security/data breach response
  • Health care privacy
  • Managing e-discovery

Representative experience

  • State data security issues: counseled clients in multiple states regarding individual state requirements
  • Represented numerous companies with data breach responses
  • Providing privacy and security strategy and response for numerous health care entities involved in the theft or loss of sensitive personal and health information of patients, including notification and interaction with federal and state authorities
  • Representing numerous companies with data breaches, including a multistate retailer in connection with a data breach and a subsequent investigation by the Federal Trade Commission
  • Counseled clients regarding (i) disclosure requirements under Massachusetts data breach law (M.G.L. c. 93H) and (ii) requisite components of comprehensive written information security policy (WISP) mandated by Massachusetts data security regulations (effective March 1, 2010)
  • Provided privacy and security strategy and response for a large hospital involved in the theft of a laptop that contained sensitive personal and health information of patients
  • Represented several national employers with data breaches involving stolen laptops
  • Represented a large corporation in response to a hacking incident
  • Represented numerous hospitals and health care providers in responses to breaches
  • Represented various private colleges on data breaches and related issues
  • Representing a records management company in federal court litigation over the loss of more than 1 million patient records that included protected health information
  • Representing numerous clients in investigations by the Office for Civil Rights
  • Representing a national medical device company with privacy and security issues

Thought Leadership/Alerts

OCR settles another breach case for $400,000 for violations of the Security Rule
HIPAA Law Alert | May 24, 2013

Webinar Recording: Mobile Apps Special Alert
Originally recorded May 9, 2013 | May 16, 2013

Webinar Recording: What the HIPAA Omnibus Rule means for you—Your questions answered
Originally recorded March 11, 2013 | March 15, 2013

Google settles for $7 million with 38 states over gathering personal data from unsecure WiFi networks
Privacy Alert | March 14, 2013

FTC settles with mobile device manufacturer for failure to secure & protect consumers' personal data
Privacy Alert | March 7, 2013

The Use of Mobile Technology in the Practice of Medicine: Compliance Tips
February 14, 2013

Webinar Recording: It's here and it's mandatory: The HIPAA Omnibus Rule
Originally recorded February 5, 2013 | February 13, 2013

Federal banking regulators issue proposed guidance and seek comments on use of social media by banks, credit unions, and savings associations
Privacy Alert | February 11, 2013

FTC issues privacy and security guidance for mobile apps and cracks down on enforcement
Privacy Alert | February 5, 2013

FTC settles with cord blood bank for lax privacy practices and data breach
Privacy Alert | January 31, 2013

HHS announces sweeping changes to the HIPAA Privacy and Security Rules in the final HIPAA Omnibus Rule
HIPAA Law Alert | January 23, 2013

FTC releases amendments to strengthen the Children's Online Privacy Protection Act and increase parental control over access to children's personal information
Privacy Alert | January 15, 2013

NLRB finds online discussion between non-union employees "protected activity"
Employment Law Alert | January 3, 2013

U.S. Restrictions on Commercial Social Networking
November 28, 2012

California attorney general warns mobile application developers of non-compliance with CalOPPA
Privacy Alert | November 6, 2012

New York adds new restrictions on the use of social security numbers
Employment Law Alert | October 26, 2012

FTC seeking comments on additional proposed revisions to Children's Online Privacy Protection Rule
Privacy Alert | August 8, 2012

First Circuit faults bank for "one-size-fits-all" approach to cyber security measures
Banking and Financial Services Litigation Alert | August 1, 2012

Consumers pay more for privacy in Maine
Privacy Alert | July 26, 2012

Canadian privacy law and U.S. companies doing business with Canadians
Privacy Alert | May 17, 2012

FTC issues final report on protecting consumer privacy
Privacy Alert | March 29, 2012

The Smart Grid: Privacy costs of the information jackpot
Privacy Alert | March 22, 2012

Computer assisted review approved by SDNY
Electronic Discovery and Evidence Law Alert | March 1, 2012

Data protection and privacy law in the EU: Comprehensive reform under discussion
Privacy Alert | February 27, 2012

Obama administration releases long-awaited consumer data privacy report
Privacy Alert | February 24, 2012

Be ready for the March 1, 2012, Massachusetts Data Security Regulations deadline
Privacy Alert | February 13, 2012

The Zubulake Preservation Standard Now Applies in the First Department
Electronic Discovery and Evidence Law Alert | February 13, 2012

Ontario court expands privacy-based remedies: Lessons for U.S. companies handling Canadian privacy data
Privacy Alert | January 31, 2012

Mobile devices and attorney ethics: What are the issues?
Privacy Alert | December 8, 2011

FTC settles two COPPA complaints
Privacy Alert | November 14, 2011

Changes in COPPA coming?
Privacy Alert | November 4, 2011

Seven Cautions to Consider While Courting the Cloud
September 12, 2011

French Parliament Requires That Internet Users Consent to the Use of Cookies
Privacy Alert | September 1, 2011

Federal Circuit Court raises standard for dismissal because of spoliation of evidence
E-Discovery and Evidence Law Alert | May 18, 2011

Reviewing redundancy requirements and service level agreements in light of the Amazon Cloud outage
M & A Advisor | April 27, 2011

Webinar Recording: Staying One Step Ahead: Avoiding Data Privacy & Social Media Pitfalls in the Digital Age
April 22, 2011

Webinar Recording: Avoiding Data Privacy & Social Media Pitfalls in the Digital Age
March 24, 2011

Another Must-Read Decision From Judge Scheindlin Regarding ESI
E-Discovery and Evidence Law Alert | March 3, 2011

Strong message from HHS/OCR with two HIPAA privacy rule enforcements within one week
HIPAA Law Alert | February 28, 2011

Department of Commerce proposes sweeping privacy reforms
Privacy Alert | December 20, 2010

Red Flag Program Clarification Act of 2010 passes in the House
Privacy Alert | December 10, 2010

Webinar Recording: The Boucher Bill
August 9, 2010

HHS withdraws breach notification rule from administrative review
HIPAA Law Alert | August 4, 2010

Dodd-Frank Act's creation of the Consumer Financial Protection Bureau leads to enhanced privacy safeguards for consumers and their pockets
Privacy Alert | August 3, 2010

Employer's right to audit text messages upheld
Privacy Alert | June 22, 2010

Press

Media Clips

  • Final HIPAA Omnibus Rule Expands Law's Impact on Firms
    New Hampshire Business Review | May 3, 2013

    Providence partner and leader of the firm’s Privacy & Data Protection group Linn Freedman and Manchester partner and leader of the firm’s Commercial Litigation practice Scott O’Connell co-authored this article discussing the final HIPAA Omnibus Rule, which implemented sweeping changes to the Health Insurance Portability and Accountability Act.

  • 11th Circuit says HIPAA protections trump Florida law
    Reuters | April 12, 2013

    Leader of the firm’s Privacy & Data Protection group and the HIPAA Compliance group Linn Freedman discusses a Court of Appeals ruling finding that the patient privacy protections in the federal Health Insurance Portability and Accountability Act of 1996 trumped a 1987 Florida law that requires nursing homes to provide the records to a deceased resident's spouse, guardian or attorney.

  • New HIPAA Rules Pose Challenges for Healthcare Industry
    Reuters | March 18, 2013

    Leader of the firm’s Privacy & Data Protection group and the HIPAA Compliance group Linn Freedman discusses the new Health Insurance Portability and Accountability Act (HIPAA) regulations announced by the Department of Health & Human Services.

  • The Use of Mobile Technology in the Practice of Medicine: Compliance Tips
    Bloomberg BNA Health Law Reporter | February 12, 2013

    Providence partner and leader of the firm’s Privacy & Data Protection group Linn Freedman authored this column highlighting practical tips for physicians and other health care providers to maximize the advantages of using mobile technology in their day-to-day practices while complying with privacy and security rules.

  • Red Alert
    The American Lawyer | January 1, 2013

    Partner and leader of the firm’s Privacy and Data Protection team Linn Freedman provides commentary about security issues for U.S. attorneys working and traveling abroad.

  • Newsmaker: Getting involved is first step to improving education
    Providence Business News | December 24, 2012

    Partner and leader of the firm’s Privacy & Data Protection team Linn Freedman is featured in this Q&A–style profile. The article focuses on Linn’s recent appointment to the board of the Women Entrepreneurs in Science and Technology and her other commitments outside the office.

  • Defending Big Data
    Law Technology News | October 1, 2012

    Partner and leader of the firm’s Privacy & Data Protection group Linn Freedman discusses the escalating accumulation of data and why attorneys, IT staff, and data professionals are paying closer attention to big data and its potentially thorny legal, ethical, and technological issues.

  • Privacy & Security: Enforcement activities have ‘increased dramatically’
    CMIO (Chief Medical Information Officer) | August 15, 2012

    Partner and leader of the firm’s Privacy & Data Protection group Linn Freedman is profiled in this two-part series discussing privacy and security issues as they relate to the health care industry.

  • ‘Cloud’ Advisory Puts Small Firms on Notice
    Massachusetts Lawyers Weekly | August 13, 2012

    Partner and leader of the firm’s Privacy & Data Protection practice Linn Freedman provides commentary on the ethics advisory opinion from the Massachusetts Bar Association on the use of Internet data storage providers, which has some small firms and sole practitioners taking a second look at “cloud” safety.

  • If You Have Clients in Canada, Its Privacy Law Applies to You
    Rochester Business Journal | July 20, 2012

    This “Law” column discusses how local organizations need to keep in mind Canada’s privacy law. Rochester Global Business & Transactions partner Jeff LaBarge and Buffalo Products counsel Ben Dwyer and Jacob Herstek authored the piece.

  • Lawyers Get Vigilant on Cybersecurity
    Wall Street Journal | June 25, 2012

    Los Angeles and San Francisco Government Investigations & White Collar Defense counsel Jason Gonzalez, a member of the firm’s Privacy & Data Protection group, provides commentary in this article discussing cybersecurity in the legal industry.

  • Freedman Strives for Online Security
    Providence Business News | June 4, 2012

    This feature story profiles Providence partner and leader of the firm’s Data Privacy team Linn Freedman as part of the annual “Business Women” awards program. The feature story highlights Linn’s legal career both in public and private practice.

  • Privacy-Law Issues Coming to Forefront
    Buffalo Law Journal | April 26, 2012

    Buffalo Products counsel Jacob Herstek, a member of the firm’s Data Privacy team, is quoted throughout this article discussing privacy law issues.

  • Human Capital: People on the Move
    Boston Business Journal | April 16, 2012

    Partner and leader of the firm’s Privacy & Data Protection group Linn Freedman is mentioned in this column for being appointed to the Advisory Board for Women Entrepreneurs in Science and Technology (WEST), a Massachusetts-based nonprofit that provides a leadership forum for women in science, engineering, and technology industries.

  • Smart Grid Data: Privacy Costs of the Information Jackpot
    Bloomberg BNA Daily Report for Executives | March 15, 2012

    This contributed article, authored by Buffalo Products counsel Jacob Herstek and Providence partner and leader of the firm’s Privacy & Data Protection group Linn Freedman, discusses a federal case that considered the collection of personal information by the smart grid. The article addresses why a legal resolution is necessary to keep pace with the technology.

  • Navigating Labyrinth of Data-Privacy Laws
    Providence Business News | March 12, 2012

    This guest column, authored by Providence partner and leader of the firm’s Data Privacy team Linn Freedman, discusses how organizations, especially in education, can navigate the complexities of data-privacy laws.

  • Mobile Devices and Attorney Ethics: What Are the Issues?
    BNA The United States Law Week | December 6, 2011

    This contributed article, co-authored by Los Angeles & San Francisco government investigations & white collar defense counsel Jason Gonzalez and Providence partner & leader of the firm’s Privacy & Data Protection Group Linn Freedman, discusses the ethical risks associated with attorneys’ use of mobile devices.

Events

Webinar: Your play date with the Children's Online Privacy Protection Act: What to do now to comply by July 1
June 20, 2013

Cyber Threats & Cyber Realities: An institute on the legal and policy landscape of cyber risks—foreign and domestic
June 17, 2013

ACI 3rd Annual Health Care Privacy and Security Forum
May 22, 2013 | New York, NY

Webinar: Mobile Apps Special Alert
May 9, 2013

PLUS Medical PL Symposium
April 11, 2013 | Chicago, IL

What the HIPAA Omnibus Rule means for you: Your questions answered
March 28, 2013 | Boston, MA

Annual Rhode Island CLE Seminar
March 19, 2013 | Providence, RI

Webinar: What the HIPAA Omnibus Rule means for you—Your questions answered
March 11, 2013 | Manchester, NH

What the HIPAA Omnibus Rule means for you: Your questions answered
February 27, 2013 | Providence, RI

Webinar: It's here and it's mandatory: The HIPAA Omnibus Rule
February 5, 2013 | Jericho, NY

Health Care IT Security and Governance in the Post-HITECH Age
January 29, 2013 | New York, NY

HIPAA Breaches—Lessons Learned
Are you Audit Ready? Survival Strategies and 22 Steps to Audit Readiness
January 22, 2013 | New York, NY

ACI Health Care Privacy and Security Forum
December 7, 2012

PKF North America Summit: Cyber Risks
November 12, 2012 | San Francisco, CA

Medical Records Law Conference
November 8, 2012 | Providence, RI

Mental Healthcare America (MHCA) Fall Conference
November 1, 2012

Devices and Mobile Technology: A New Challenge for Maintaining Data Privacy and Security
October 10, 2012 | Rochester, NY

Data Privacy & Security Issues with Mobile Technology: Practical Strategies for In-House Counsel to Reduce Risks
October 4, 2012 | San Francisco, CA

Data Privacy & Security Issues with Mobile Technology: Practical Strategies for In-House Counsel to Reduce Risks
September 25, 2012 | Boston, MA

Responding to a potential HIPAA security breach: Practical tips from real breaches
September 19, 2012

Nixon Peabody's Semi-Annual CLE Program (Buffalo and Rochester)
June 7, 2012 | Buffalo, NY

Emergency Preparedness—How Ready Are You?
November 10, 2011 | Albany, NY

Webinar: Staying One Step Ahead: Avoiding Data Privacy & Social Media Pitfalls in the Digital Age
April 13, 2011

Staying One Step Ahead: Avoiding Data Privacy & Social Media Pitfalls in the Digital Age
April 8, 2011

The General Counsel Facing IT Risk
April 7, 2011

Webinar: Avoiding Data Privacy & Social Media Pitfalls in the Digital Age
March 17, 2011

Privacy & Data Security Panel Discussion
February 17, 2011

Webinar: The Boucher Bill
August 5, 2010
