Cybersecurity & Data Privacy

BLOG: Cybersecurity Meets the FCA: What the Chinese Telecom Ban Means for Government Contractors

August 27, 2019
By Peter B. Ford
Government contractors are required to comply with a new set of prohibitions on telecommunications equipment acquired from certain Chinese companies, and they may face False Claims Act liability since the prohibitions require certification that they have not used prohibited products. These prohibitions come from the John S. McCain National Defense Authorization Act for Fiscal Year 2019,* which contains a number of provisions intended to keep U.S. government funds from moving to Chinese government-owned corporations. Section 889 in particular lists companies the Chinese government owns that are now prohibited sources of supply for telecommunications equipment. Effective August 13, 2019, these prohibitions are incorporated into the FAR in Subpart 4.21.

BLOG: Prepare Now to Secure "Controlled Unclassified Information"

August 21, 2019
By Emily J. Rouleau
Nowadays, many people are familiar with at least some types of protected information, whether in the form of personal health information or government-classified information. But, contractors working with the Department of Defense ("DoD") must remember to protect another type of information: controlled unclassified information ("CUI"). Failure by government contractors to put processes in place that protect CUI could result in the loss of contracting opportunities or potential False Claims Act-related litigation.

BLOG: Cybersecurity, Implied Certifications, and the False Claims Act

July 22, 2019
By Isaias "Cy" Alba IV
As I am sure many of you know and have read about already, the first False Claims Act ("FCA") case, US Ex rel. Markus v. AeroJet Rocketdyne Holdings, Inc., et al., No. 2:15-cv-2245, has been filed in the Eastern District of California by a disgruntled former Director of Cyber Security Compliance and Controls, and it survived a motion to dismiss in May of this year. When the existence of the AeroJet case is layered over the U.S. Supreme Court's findings in Universal Health Servs., Inc. v. US Ex rel. Escobar, 136 S.Ct. 1989 (2016), which confirmed FCA liability based upon implied certifications, a worrisome result can occur. Namely, can the disgruntled employees, aggrieved subcontractors, consultants who see an opening for a quick buck, spouses in the midst of a contentious divorce, or any other random individual with a basic knowledge of your IT systems file an FCA case against you claiming that you impliedly certified, by merely accepting a federal contract, that you were in full and unequivocal compliance with all NIST 800-171 standards and that you had all documentation required by DFARS 252.204-7012. The answer is absolutely "YES." Small to mid-sized government contractors should note that their lack of diligence can be used as evidence of recklessness which gives rise to FCA liability.

BLOG: Department of Defense Sets Course on Cybersecurity Evaluation and Enforcement

July 17, 2019
By David T. Shafer
On a limited budget, government contractors need to be compliant with a litany of statutes, regulations, and industry standards in order to remain competitive in the marketplace. This has become particularly true in the cybersecurity context.

BLOG: Impact of California Consumer Privacy Act on Government Contractors and Commercial Businesses

July 8, 2019
By David T. Shafer and Jonathan Williams
The California Consumer Privacy Act ("CCPA") will go into effect on January 1, 2020. Similar to the European Union's General Data Protection Regulation ("GDPR"), CCPA creates significant compliance challenges for government contractors and commercial businesses doing business in California, with several states following suit. Under CCPA, fines from the Attorney General for businesses that do not comply could be as high as $7,500 per violation, with CCPA also granting consumers the right to bring private action, exposing companies to actual and statutory damages.
Please fill following information to download presentation