Gene L. Dodaro, Comptroller General of the United States, testified before the Senate Committee on Homeland Security and Governmental Affairs about the Government Accountability Office’s (GAO) report on high-risk areas. Mr. Dodaro’s testimony explained that the GAO’s high-risk program has focused attention on government operations with greater vulnerabilities to fraud, waste, abuse, and mismanagement, or that are in need of transformation to address economy, efficiency, or effectiveness challenges. The GAO’s 2019 High Risk Report, among other things, identified two new high-risk areas—Government-wide Personnel Security Clearance Process and Department of Veterans Affairs (VA) Acquisition Management. The VA has one of the most significant acquisition functions in the federal government, both in obligations and number of contract actions. The GAO identified seven contracting challenges for VA, such as outdated acquisition regulations and policies, lack of an effective medical supplies procurement strategy, and inadequate acquisition training.

The Department of Defense (DoD) Office of the Undersecretary of Defense released a memorandum that provides additional guidance on the use of Other Transactions (OTs) for prototype projects under 10 U.S.C. § 2371b, with consortia to address the perception that consortium membership needs to be limited to U.S. companies or institutions. OTs for prototype projects are authorized when directly relevant to enhancing the mission effectiveness of military personnel and the supporting platforms, systems, components, or materials proposed to be acquired or developed by the DoD, or to the improvement of platforms, systems, components, or materials in use by the armed forces. Such projects are intended to help broaden the DoD’s ability to access innovative technology from companies that might otherwise be unable or unwilling to enter into contracts with the DoD.

The Department of Justice (DOJ) announced it reached a settlement of its civil forfeiture case against assets owned by Hikmatullah Shadman, which he wrongfully acquired as a government contractor in Afghanistan. Under the terms of the settlement, approximately $25 million will be forfeited to the United States. The civil settlement is part of a global settlement that involved the resolution of a criminal case and False Claims Act allegations. According to the DOJ announcement, Hikmatullah Shadman operated several companies including Hikmat Shadman Logistics Services Company (HSLSC), which served as subcontractors delivering supplies to U.S. service members at various locations in Afghanistan. From November 2010 to March 2012, Mr. Shadman charged the United States more than $77 million for delivering supplies to U.S. service members. The civil forfeiture case targeted, among other things, Mr. Shadman’s fraudulent receipt of a disproportionate number of subcontracts for the transport of military supplies in Afghanistan, as well as the inflated prices that he charged the United States for such transport.


The Department of Labor (DOL) announced a proposed rule that would make more than a million additional American workers eligible for overtime. This proposed regulation has been submitted to the Office of the Federal Register (OFR) for publication and is currently pending placement on public inspection at the OFR and publication in the Federal Register. Under currently enforced law, employees with a salary below $455 per week ($23,660 annually) must be paid overtime if they work more than 40 hours per week. Workers making at least this salary level may be eligible for overtime based on their job duties. This salary level was set in 2004. This proposal would boost the proposed standard salary level to $679 per week (equivalent to $35,308 per year). Above this salary level, eligibility for overtime varies based on job duties. In developing the proposal, the DOL received extensive public input from six in-person listening sessions held around the nation and more than 200,000 comments that were received as part of a 2017 Request for Information (RFI). Commenters who participated in response to the RFI or who participated at a listening session overwhelmingly agreed that the currently enforced salary and compensation levels need to be updated.

According to Bloomberg Government, the DOL is expected to introduce three proposed rules on overtime pay and joint employer liability in March. Bloomberg Government opined that—in addition to a proposed overtime rule would make workers who earn less than $35,000 a year automatically eligible for time-and-a-half pay for all hours beyond 40 a week—the DOL is expected to amend requirements for calculating workers’ “regular” pay rates for overtime purposes. Third, the DOL reportedly sent a rule to the White House for review that is expected to limit shared liability for affiliated businesses.

The Equal Employment Opportunity Commission (EEOC) will officially open the 2018 EEO-1 survey on March 18, 2019, and the deadline to submit EEO-1 data has been extended until May 31, 2019. All private employers who are subject to Title VII of the Civil Rights Act of 1964 (as amended by the Equal Employment Opportunity Act of 1972) with 100 or more employees—excluding state and local governments, primary and secondary school systems, institutions of higher education, Indian tribes and tax-exempt private membership clubs other than labor organizations—or private employers subject to Title VII who have fewer than 100 employees if the company is owned or affiliated with another company, or there is centralized ownership, control or management (such as central control of personnel policies and labor relations) so that the group legally constitutes a single enterprise, and the entire enterprise employs a total of 100 or more employees, must file the Standard Form 100 (EEO-1). Additionally, all federal contractors who are not exempt as provided in 41 CFR 60-1.5, who have 50 or more employees, and (1) are prime contractors or first-tier subcontractors, and have a contract, subcontract, or purchase order amounting to $50,000 or more, or (2) are federal contractors who serve as a depository of Government funds in any amount, or (3) are federal contractors who are financial institutions which is an issuing and paying agent for U.S. Savings Bonds and Notes must file Standard Form 100 (EEO-1). 

According to Bloomberg Government, a new court ruling will require companies with more than 100 employees to report to the U.S. government data about how much workers’ are paid broken down by sex, race, and ethnicity, possibly as soon as this spring. The pay disclosures were finalized by the EEOC in the summer of 2016, but the Office of Management and Budget (OMB) froze the expanded requirements after President Trump took office. The National Women’s Law Center and other groups sued, and on March 4, Judge Tanya Chutkan ruled in their favor, saying that the government did not properly justify its decision. Per Bloomberg Government, the OMB may appeal, and it is not clear whether companies will have to comply by the original May 31 deadline. Employers already submit demographic data to the EEOC annually, but the new disclosures would call for more granular analysis, requiring them to report the racial and gender makeup of employees in each job category (executive level, professionals, sales workers, etc.) within 12 pay ranges, for each of a company’s physical locations.

According to Bloomberg Government, Walmart is eliminating its greeter positions and moving to ones requiring more physical duties, which may set new legal precedents for how a business can adjust its workforce within the limits of the Americans with Disabilities Act (ADA). As noted by Bloomberg Government, at least three complaints have been filed against Walmart in Pennsylvania, Illinois, and Wisconsin over the retail giant’s imposition of an April deadline for phasing out greeter positions as they now exist, according to Cheryl Bates Harris, a senior disability advocacy specialist at the National Disability Rights Network. Elderly and disabled employees who hold many of those positions have been told to reapply for “customer host” positions that, among other things, can require standing for long periods. Walmart declined to elaborate on the specific different job requirements for the new role. According to the article, the change by Walmart offers a unique moment in employment law because discrimination cases under the ADA often arise from actions taken during hiring and firing, not changes in an already filled job, and certainly not on a scale like the Walmart greeter position.

According to Law360, CRST International Inc. agreed to settle an EEOC suit accusing the trucking company of violating the ADA by refusing to hire a military veteran after he asked to use an emotional support dog on the job. The EEOC sued CRST in 2017, alleging that the company declined to hire an applicant for a long-haul truck driver position after he asked to drive with a service dog as per his doctor’s order. According to court documents, the applicant’s psychiatrist had prescribed a service animal to help him cope with post-traumatic stress and “to maintain appropriate social interactions and workplace functions.” On Tuesday, the Court signed off on a consent decree ending the suit. Under the deal, CRST will pay the military veteran $47,500 and train its managerial and recruiting staff on ADA compliance. Leslie N. Carter, a trial attorney for the EEOC’s Milwaukee office who worked on the case, told Law360 on Wednesday that the settlement makes clear that a request for a service animal can be protected by the ADA.

According to Law360, the National Labor Relations Board (NLRB) ruled that unions cannot force workers who object to being full-fledged union members to pay for lobbying activities, saying lobbying falls outside the core representation work that unions can require nonmember objectors to fund. Under the U.S. Supreme Court’s 1988 Communications Workers of America v. Beck decision, unions cannot use funds collected from nonmember employees covered by union-security arrangements for any activities not germane to a union’s core representational duties of collective bargaining, contract administration, and grievance adjustment. The improper use of nonmembers’ fees violates unions’ duty of fair representation under the Beck framework. In a 3-1 decision, the NLRB majority ruled that unions cannot use fees paid by so-called Beck objectors—workers in a unionized setting who opt not to join the union—for lobbying expenses without running afoul of National Labor Relations Act. Additionally, the NLRB held that a union has to provide workers with independent verification that it has done an audit of what expenses fall under the categories that Beck objectors’ fees can be put toward. The NLRB’s decision can be found here.


According to Bloomberg Government, there were more than 1,100 reported data breaches over the last 12 months, many of them considered large in terms of the number of individuals impacted and volume of data acquired. Since data breaches can make headlines and engender litigation brought by consumers and financial institutions, Bloomberg Government highlighted four trends that could impact data breach litigation. First, there is a circuit split among the U.S. Circuit Courts of Appeals regarding standing. Per Bloomberg Government, a consensus has been growing among federal courts that plaintiffs alleging actual fraud—e.g., account fraud or identity theft—satisfy the “injury in fact” requirement for standing. But courts have split on whether a plaintiff who has not suffered fraud establishes standing—e.g., by alleging only a “substantial risk” of future harm. Second, Bloomberg Government expects large consumer class action settlements to continue to be the trend in terms of data breach litigation. Two such settlements in 2018 involved Wendy’s and Anthem consumer class action lawsuits, which settled for $3.4 million and $115 million, respectively. Third, Bloomberg Government expects financial-institution plaintiffs to face difficulties after the Seventh Circuit dismissed a complaint brought by a financial institution reasoning that tort law “did not recognize a ‘remedy to card-holders’ banks against a retail merchant who suffered a data breach, above and beyond the remedies provided by the network of contracts that link merchants, card-processors, banks, and card brands to enable electronic card payments.” Lastly, Bloomberg Government believes regulatory enforcement actions to continue to be brought under the FTC Act against companies that suffer data breaches.

According to Bloomberg Government, five senators introduced legislation that would require public companies without cybersecurity experts on their boards of directors to explain in Securities and Exchange Commission filings how other cybersecurity efforts make up for the absence of a cybersecurity expert on the board. Under the bill, (S.592), public companies would also have to tell investors whether any of their directors are cybersecurity experts. Representative Jim Himes (D-Conn) is expected to introduce companion legislation in the House.


Is Cyber Insurance Worthless in the Age of Quasi-State-Sponsored Hacking?

By Isaias Alba IV

I’m sure everyone has heard it before: commentators, pundits, and even members of the 809 Panel have stated that “we are at war!” Most of these claims revolve less around ground combat or air battles than the fact that more countries are investing in and deploying cyber assets to destroy not just the defense networks of other countries, but their economic systems as well. Thus, it stands to reason that some of the cyber threats seen in the wild are not just from random hackers in basements or dark apartments, but from state actors or quasi-state actors operating directly or indirectly at the behest of governments. Further, there are even more hackers working for terrorist organizations criminal enterprises financially connected to terror organizations, or “lone wolf” actors whose motives some would contend to be “terrorist” in nature. This fact runs headlong into a provision contained in many cyber insurance contracts that state the insurer does not have to pay for incidents caused by an “act of war” or “act of terror.” It is this very exclusion that is at play in recent a multi-million dollar lawsuit. Specifically, if the insurance company defendant prevails and more insurers attempt to use this exception to avoid paying for damages caused by malware suspected of being tied to state actors or terrorist organizations, cyber insurance could become virtually worthless. [Read More]