Data Law Insights

Data Law Insights

Legal insights on navigating privacy, data protection, cybersecurity, information governance, and e-discovery

David Bodenheimer

David Bodenheimer

David Z. Bodenheimer is a partner in Crowell & Moring’s Washington, D.C. office where he heads the Homeland Security Practice and focuses on Government Contracts, False Claims Act, Privacy, and Cybersecurity. For more than 30 years, he has found solutions for clients whenever and wherever problems arise in doing business with the Government. David represents all sizes of technology clients (computer hardware and software, major weapon systems, biodefense, satellite and space services, and military avionics and equipment). He litigates, counsels and resolves the full range of issues that clients confront in selling to the Government. He has testified before Congress regarding cybersecurity threats, public-private partnerships, and contractor liability issues for military contractors. He currently serves as a vice-chair of the ABA Public Contract Law Section’s Cybersecurity Committee.

Read David's bio on Crowell & Moring's website

Subscribe to all posts by David Bodenheimer

FDA Publishes Cyber Guidance for Medical Devices

Posted in Cybersecurity / Data Security, Government Agencies, Privacy
The FDA recently passed down a set of guidelines governing the cybersecurity of medical devices. The guidelines, which are the first of its kind, were issued in response to the FDA’s recognition of the particular security concerns involved in the handling of sensitive medical information. The recommendations vary based on the specific vulnerabilities of each… Continue Reading

Legal Careers in Cybersecurity, Homeland Security, and Privacy: An Evening of Networking and Discussions with the Experts on How They Arrived

Posted in Cybersecurity / Data Security, Government Agencies, Privacy
Hackers, terrorists, and cyber criminals have ignited escalating threats to cybersecurity, homeland defense, and privacy largely unanticipated to the legal profession a generation ago. Today, lawyers must grapple with the intersection of technology, information governance, and law, navigating unprecedented legal challenges and crafting practical solutions on the emerging cyber, homeland, and privacy frontiers. On behalf… Continue Reading

Cyber Storms on Horizon: More Hackers, Regulators, and Litigation

Posted in Cloud Computing, Cybersecurity / Data Security, Data Breach, Government Agencies, Public Sectors, Rules
Cybersecurity’s escalating threats, intensifying oversight, and expanding publicity in recent years exploded in 2013. It was a year bookended by President Obama’s cybersecurity warnings in his State of the Union message and the mega-breaches at Target and Neiman-Marcus. And it gave us a cyber panorama – the Cybersecurity Executive Order; industry security reports of massive… Continue Reading

Cyber Spies Stealing Corporate Secrets and Technology

Posted in Cybersecurity / Data Security, Data Breach, Government Agencies, Public Sectors
With cyber heists plundering $1 trillion in global intellectual property (per President Obama) and driving “the greatest transfer of wealth in human history” (per NSA Director Alexander), corporations face bet-the-company threats when cyber attacks and data breaches empty their intellectual property vaults, torpedo their mergers and business deals, and crush their stock prices. In our recent… Continue Reading

The “Cyber Framework” Arrives

Posted in Cybersecurity / Data Security, Government Agencies, Government Regulations & FISMA, Privacy, Public Sectors
After a year of development, NIST has released the long-awaited Cybersecurity Framework, which promises to have significant implications for the public and private sectors alike. The final version retains much of the Framework Core set forth in the draft version and provides a blueprint to align cybersecurity efforts (along with the accompanying Roadmap document with… Continue Reading

SEC to Focus on Corporate Cybersecurity Risks in 2014

Posted in Cybersecurity / Data Security, Government Agencies, Public Sectors
On January 9, the Securities & Exchange Commission (“SEC”) released its National Examination Priorities (“NEP”) for 2014 and once again identified cybersecurity as a heightened risk that the agency intends to scrutinize as part of its mission to protect investors.  The NEP identifies technology — specifically, companies’ governance and supervision of IT systems, information security, and… Continue Reading

New DFARS Safeguards and Reporting Requirements

Posted in Cybersecurity / Data Security, Government Agencies, Government Contracting, Government Regulations & FISMA
A DFARS final rule (Nov. 18, 2013) on the safeguarding of unclassified, controlled technical information requires contractors, among other things, to report within 72 hours of discovery any “cyber incident” (an action that results in an actual or potentially adverse affect on an information system and/or the information residing therein), preserve relevant data for at… Continue Reading

New Building Block in the Cybersecurity Framework

Posted in Cybersecurity / Data Security, Government Agencies, Privacy, Public Sectors
Adding another building block to implementation of the President’s cybersecurity executive order issued in February 2013, the Department of Commerce’s National Institute of Standards and Technology (NIST) released its Preliminary Cybersecurity Framework on October 22, 2013. As discussed in greater detail in the attached Bullet Analysis by David Bodenheimer, Evan Wolff, and Eliot Golding, this… Continue Reading

ABA Cyber on the Hill with Congressional Staff (Nov. 7)

Posted in Cloud Computing, Cybersecurity / Data Security, Government Agencies, Information Management, Privacy
As the cyber threats continue to escalate sharply, Congress confronts a host of daunting tasks for bolstering cybersecurity, such as: balancing security while maintaining privacy; enhancing public-private partnerships while keeping information safe; and assuring accountability while maintaining flexible and agile security standards. At noon on November 7, Staff members from four Senate and House committees… Continue Reading

Regulating Cybersecurity On A Piecemeal Basis—Can The Executive Order Harmonize The Cyber Law Patchwork?

Posted in Cybersecurity / Data Security, Government Agencies, Government Regulations & FISMA, Privacy, Rules
With no comprehensive cybersecurity legislation nearing the finish line, Congress and federal agencies have attempted to fill the void with a series of piecemeal laws, regulations, and polices leaving both the public and private sector with fragmented — even inconsistent — guidance on how to defend cyberspace.  As we discuss in our recent article, “Regulating… Continue Reading

NIST Now “King of the Hill” on Cyber Standards

Posted in Cybersecurity / Data Security, Government Agencies, Government Regulations & FISMA, Privacy, Public Sectors
Following its key cyber role in President Obama’s Executive Order No. 13636 issued this February, the National Institute of Standards and Technology (NIST) again seized the reins on federal cybersecurity standards on April 30, issuing the 457-page tome, Security and Privacy Controls for Federal information Systems and Organizations, that not only provides the “most comprehensive… Continue Reading

Putting the SEC Spotlight on Corporate Cyber Risks

Posted in Cybersecurity / Data Security, Data Breach, Government Agencies, Information Management, Privacy, Public Sectors, Rules
As the latest 10-K filing period for corporations draws to a close, the Securities and Exchange Commission (SEC) is expected to intensify its scrutiny on whether companies’ filings adequately disclose both information security breaches that occurred in the past, and the material risks due to cyber threats such companies face in the future. Since the… Continue Reading

Cybersecurity Receives Presidential Push with New Cyber Executive Order

Posted in Cybersecurity / Data Security, Information Management
After years of abortive attempts by Congress to enact comprehensive cybersecurity legislation, the President took matters into his own hands on February 12, signing an Executive Order, Improving Critical Infrastructure Cybersecurity. Identifying the cyber threat as “one of the most serious national security challenges we must confront,” this Order, along with its contemporaneous Presidential Policy… Continue Reading

Information Security, Privacy, and the Government Accountability Office: Perspectives on Risks, Requirements, and Emerging Issues in the Public Sector

Posted in Cloud Computing, Cybersecurity / Data Security, Government Agencies, Privacy
Since the emergence of cybersecurity and privacy as high risk issues in the public sector, the Government Accountability Office (GAO) has been at the forefront – identifying risks, reviewing progress of federal agencies, and keeping Congress informed on the latest developments in the cyber and technology arena. In this role, GAO has reported on the… Continue Reading