Data Law Insights

Data Law Insights

Legal insights on navigating privacy, data protection, cybersecurity, information governance, and e-discovery

Kate M. Growley

Subscribe to all posts by Kate M. Growley

No Summer Vacation for Government as New Cybersecurity Legislation Passes

Posted in Cybersecurity / Data Security
The federal government has kept busy this summer by issuing multiple regulations impacting government contractors’ cybersecurity.  First, the Department of Defense released the 2019 National Defense Authorization Act (NDAA), which included notable cybersecurity provisions involving foreign ownership and Controlled Unclassified Information (CUI), among others.  Second, Congress passed the NIST Small Business Cybersecurity Act requiring the National Institute of Standards… Continue Reading

Upcoming NIST Hosted DFARS Safeguarding Clause & CUI Training – October 18, 2018

Posted in Cybersecurity / Data Security
The National Institute of Standards and Technology (“NIST”) is hosting a cybersecurity workshop on the Defense Federal Acquisition Regulation System (“DFARS”) Safeguarding Clause and related regulations on Thursday, October 18, 2018.  The workshop, in coordination with the Department of Defense (“DoD”) and the National Archives and Records Administration (“NARA”), will provide an overview of Controlled… Continue Reading

Is Government Data at Risk? Study Finds Industry Cybersecurity Lagging Government

Posted in Cybersecurity / Data Security
Security ratings firm BitSight recently released a report citing a gap in cybersecurity performance between the U.S. Government and contractors.  The report was the result of a comparative security assessment between 1,212 randomly selected government contractors and 122 federal agencies. The assessment found that federal agencies were at least 15 points better than the mean for… Continue Reading

National Archives Issues New, But Limited, CUI Contract Guidance

Posted in Cybersecurity / Data Security
The Information Security Oversight Office (“ISOO”) within the National Archives and Records Administration (“NARA”) recently issued guidance for all non-executive branch entities  (such as elements of the legislative or judicial branches of the Federal Government; state, tribal or local government elements; and private organizations including contractors) concerning controlled unclassified information (“CUI”).  Specifically, the ISOO  issued… Continue Reading

Comment Period Extended for NIST SP 800-171 Assessment Guide

Posted in Cybersecurity / Data Security, Government Agencies, Government Contracting, Government Regulations & FISMA, Information Management, Public Sectors
Less than two weeks after the National Institute of Standards and Technology (NIST) published a draft version of NIST SP 800-171A, Assessing Security Requirements for Controlled Unclassified Information, on November 28, the National Archives and Records Administration (NARA) announced today that the comment period has been extended to January 15, 2018.  This gives interested parties… Continue Reading

New OCR Settlement Targets Safety Net Provider on Security Rule Deficiencies

Posted in Cybersecurity / Data Security, Information Management
On Wednesday, the U.S. Department of Health and Human Services, Office for Civil Rights announced a $400,000 settlement with Metro Community Provider Network arising from MCPN’s alleged failure to implement adequate security management processes to safeguard electronic protected health information in accordance with the Health Insurance Portability and Accountability Act Security Rule. This settlement followed… Continue Reading

CFAA Conviction for Accessing and Damaging Former Employer’s Computer System

Posted in Cybersecurity / Data Security
Last week, a federal court sentenced a former systems administrator convicted of accessing his former employer’s computer network and uploading malicious code designed to disrupt and damage the company’s manufacturing operations. Brian P. Johnson worked for years as an information technology specialist and systems administrator at Georgia-Pacific’s Port Hudson, LA facility.  In February 2014, Georgia-Pacific… Continue Reading

Insider Threats Meet Litigation

Posted in Cybersecurity / Data Security, Data Breach, Government Contracting, Information Management
Last week, we highlighted our colleagues’ post in Crowell’s Trade Secrets Trends focusing on recent comments submitted by the U.S. Chamber of Commerce regarding the need to stem the cyber theft of intellectual property.  Today, we once again turn to our sister blog to highlight an example of how that theft plays out in the… Continue Reading

U.S. Chamber of Commerce on Trade Secrets Protections

Posted in Cybersecurity / Data Security, Government Agencies, Information Management
Earlier this month, the U.S. Chamber of Commerce submitted comments in response to the National Institute of Standards & Technology’s request for information regarding cybersecurity and the digital economy. The Chamber’s comments focused on specifics such as the NIST Cybersecurity Framework and the Cybersecurity Information Sharing Act of 2015, but it also discussed more generally… Continue Reading

2nd Circuit: Government Cannot Force Companies to Hand Over Communications Data Stored Overseas

Posted in Accessibility, Criminal Law, Government Agencies, Information Management, Privacy, Transnational Discovery
The Second Circuit today issued a much-anticipated ruling holding that U.S. firms are not required to turn over user data stored overseas, even in the face of a government warrant.  This decision arose from Microsoft’s December 2014 appeal of a civil contempt ruling against the tech giant for refusing to turn over the personal data… Continue Reading

Privacy & Cybersecurity News Update- 3 Week Summary

Posted in Cybersecurity / Data Security, Data Breach, Government Agencies, Internet of Things, Privacy
The Panama Papers Leak – An overview on histories’ biggest data leak; Article 29 Working Party about to release opinion on EU-U.S. Privacy Shield; EU: GDPR and PCJ DPD about to be approved next week – final consolidated text published by Council; US: New HIPAA Audit Protocol Released as a Guidance Tool for phase two… Continue Reading

Privacy & Cybersecurity Weekly News Update

Posted in Cybersecurity / Data Security, Data Breach, Government Agencies, Privacy
DoD Issues Year-End DFARS Changes; Russians Now Have the “Right to Be Forgotten”; No Injury in Michael’s Data Breach Suit; FAA Issues Interim Final UAS Rule; New Penalties for Distributing Unique Medical Identifiers Holiday Gift from Defense Department: More Time to Comply with DFARS Safeguarding Rule Last Wednesday, the Department of Defense issued an interim… Continue Reading

Privacy-Cybersecurity Weekly News Update December 14-18, 2015

Posted in Cybersecurity / Data Security, Data Breach, Government Agencies, Privacy, Social Media
FTC Settles False Ad Claim with LifeLock for $100M; CISA Signed into Law; University of Washington Settles HIPAA Claims Arising from 2013 Data Breach; Senators Urge White House to Search Social Media Profiles During Visa Background Checks; FTC Announces COPPA Settlements with App Developers; Cybersecurity Enters the 2016 Presidential Race. FTC Announces Staggering Sum in… Continue Reading

Privacy-Cybersecurity Weekly News Update December 6- 11, 2015

Posted in Cybersecurity / Data Security, Data Breach, Government Agencies, Privacy
Wyndham-FTC Settlement Looks to PCI; Target Consumer Appeals Settlement; Leaders Propose Encryption Commission; Ashley Madison MDL in St. Louis; FTC Commissioner Warns of FCC ISP Overreach; Moms Sue Over Doll’s IoT Capability Wyndham to Implement PCI-Focused Information Security Program in Settlement with FTC On Wednesday, the FTC and Wyndham settled a long-standing dispute regarding the hospitality… Continue Reading

The IoT Says “Hello” to Barbie

Posted in Internet of Things, Privacy
The Internet of Things has found its way into the court room once again.  Last week, two mothers filed a putative class action stemming from their children’s use of “Hello Barbie,” an interactive version of the popular doll that relies on cloud-based technology to talk back to its playmates and that the mothers allege violated… Continue Reading

Privacy-Cybersecurity Weekly News Update November 29- December 4, 2015

Posted in Cybersecurity / Data Security, Data Breach, Government Agencies, Privacy, Public Sectors
Target Settles Data Breach Claims with Banks and Insurers On Thursday, Target agreed to settle claims with a group of financial institutions arising from its 2013 data breach involving customers’ credit card information.  Target reportedly will pay $39 million to settle the class-action suit in federal court in Minnesota.  This settlement follows a $67 million… Continue Reading

Keeping Up with Cybercriminals: House Passes Bill to Formally Establish National Computer Forensics Institute

Posted in Cybersecurity / Data Security
Congress has taken another step to emphasize the importance of detecting and deterring cyber crime, as the House recently passed the Strengthening State and Local Cyber Crime Fighting Act.  Please see Trade Secrets Trends for a post by our colleagues John McCarthy and Craig Lytle for more details about the bill’s passage and significance.  … Continue Reading

Interim Rule Could Expand Already Onerous DFARS Cyber Requirements

Posted in Cybersecurity / Data Security, Data Breach, Government Agencies, Government Contracting, Government Regulations & FISMA, Information Management, Privacy, Public Sectors, Rules
Yesterday, the DoD published an Interim Rule that, if finalized as drafted, would expand the already onerous requirements of the DFARS Safeguarding Clause to a broader array of potentially 10,000 defense contractors.  Citing “recent high-profile breaches of federal information,” the DoD’s Interim Rule emphasizes the need for clear, effective, and consistent cybersecurity protections in its… Continue Reading

Partner David Bodenheimer Recognized as Co-Chair of ABA PCL “Committee of the Year”

Posted in Cybersecurity / Data Security, Government Contracting, Privacy, Public Sectors
Crowell & Moring is proud to announce that the ABA Public Contract Law Section has recognized Partner David Bodenheimer, along with Maureen Kelly of Northrop Grumman and Annejanette Pickens of General Dynamics, for their exceptional efforts as co-chairs of the Section’s Committee on Cybersecurity, Privacy, and Data Protection.  The Section recently presented the Committee with… Continue Reading

Economic Espionage: A Real Risk for Universities

Posted in Cybersecurity / Data Security, Data Breach, Government Agencies, Government Contracting, Government Regulations & FISMA, Information Management, Privacy, Public Sectors
The recent arrests of Chinese nationals for alleged economic espionage are raising eyebrows across American industries, who are rightfully asking how they can protect themselves from becoming the next foreign target. U.S. universities have been key figures in these headlines. The risk of economic espionage is a serious one for higher education because universities are… Continue Reading

Three State Data Breach Laws Set to Change This Summer

Posted in Cybersecurity / Data Security, Data Breach, Government Agencies, Government Regulations & FISMA, Information Management, Privacy
With Memorial Day unofficially kicking off summer, those keeping up on recent changes to state data breach laws are eyeing their calendars, as a series of state amendments are due to come into effect.  Beginning on July 1, both Nevada and Wyoming will expand their definitions of personal information.  One month later on August 1,… Continue Reading

Supreme Court to Consider Congressionally-Conferred Privacy Breach Standing

Posted in Data Breach, Government Regulations & FISMA, Information Management, Privacy, Social Media
One year ago, data broker Spokeo, Inc. asked the Supreme Court to reconsider the Ninth Circuit’s revival of a putative class action against it for willfully violating the Fair Credit Reporting Act (“FCRA”) by publishing personal information without notice.  This week, the Court heeded that request, granting certiorari.  In doing so, it has paved the… Continue Reading

Join Us for OOPS 2015! Cybersecurity Risk Management: The View from Washington and Beyond

Posted in Cybersecurity / Data Security, Data Breach, Government Agencies, Government Contracting, Information Management, Internet of Things, Privacy, Public Sectors
Crowell & Moring would like to invite government contractors to ring-side seats for the fight of the year – Congress v. the White House.  This year’s Ounce of Prevention Seminar (OOPS) will focus on the dynamic interplay between the opposite ends of Pennsylvania Avenue and how it will ultimately impact government contractors across the industry.… Continue Reading