Photograph of Kate M. Growley, CIPP/G, CIPP/US

Practices

Education

Florida State University, B.A. (2008) summa cum laude with honors
University of Virginia School of Law, J.D. National Security Law (2011)

Admissions

District of Columbia
Virginia

Languages

French (Intermediate)

Government Contracts – Battening Down the Hatches on Cybersecurity

Click to read this article from
Crowell & Moring's Regulatory Forecast 2019.

Kate M. Growley, CIPP/G, CIPP/US

, Counsel Washington, D.C.

kgrowley@crowell.com
Phone: +1 202.624.2698
1001 Pennsylvania Avenue NW
Washington, DC 20004-2595

Kate M. Growley is a counsel in the Washington, D.C. office of Crowell & Moring, where she is a member of the firm's Privacy & Cybersecurity, Government Contracts, and Litigation groups. Her practice covers a wide range of counseling and litigation engagements, including cybersecurity compliance reviews, risk assessments, incident response, law enforcement cooperation, regulatory investigations, data breach class actions, trade secrets litigation, and health care disputes.

Kate is a Certified Information Privacy Professional for both the U.S. private and government sectors (CIPP/US, CIPP/G) and has been named a “Rising Star” by both Law360 (2018) and the American Bar Association's Science & Technology Section (2016). Kate serves as co-chair of the Science & Technology Section's Homeland Security Committee and as vice-chair of the Public Contract Law Section’s Cybersecurity, Privacy, & Data Protection Committee. Kate also sits on PubK Law’s Advisory Board, advising on cybersecurity issues for government contractors. Additionally, she is an award-winning author and frequent public speaker, and she regularly trains clients, regulators, and other attorneys on cyber and data security issues.

Kate is an active leader within Crowell & Moring, supporting countless firm initiatives, including serving as the immediate former co-chair of the firm's Women Attorneys' Network.

She received her J.D. from the University of Virginia School of Law, where her studies focused on national security. Prior to law school, she graduated first in her class from Florida State University, summa cum laude with honors.

Cybersecurity for Government Contractors

Kate maintains a robust cybersecurity practice focused on the government contracting community, particularly those working with the Department of Defense. Her recent engagements address issues including:

Crafting and implementing strategies to comply with DFARS 252.204-7012, including the drafting of system security plans (SSPs) and plans of action & milestones (POAMs).
Assessing whether, when, and how to report cyber incidents under DFARS 252.204-7012.
Understanding and negotiating cloud service provider agreements under DFARS 252.204-7012 and DFARS 252.239-7010.
Complying with basic safeguarding requirements under FAR 52.204-21 and privacy training requirements under FAR 52.224-3, as well as NIST SP 800-171 and NIST SP 800-53.
Assessing and complying with security obligations under the NISPOM, Privacy Act, and FISMA.
Evaluating and managing insider threat and supply chain risks, including potential disclosures.
Evaluating entry into the Defense Industrial Base (DIB) Cybersecurity Information Sharing Program.
Advising on jurisdictional and accessibility issues related to overseas data hosting, including the Foreign Intelligence Surveillance Act (FISA) and Presidential Policy Directive 28 (PPD-28).
Negotiating voluntary use of government investigation and hunt teams, including with the Department of Homeland Security (DHS), Federal Bureau of Investigation (FBI), National Security Agency (NSA), and Missile Defense Agency (MDA).
Advising on cybersecurity concerns in pre-award contractual negotiations at both the federal and state levels.

Incident Response

On a daily basis, Kate is helping clients manage and respond to cyber incidents. Her practice covers the full incident lifecycle from tailoring incident response plans to liaising with relevant stakeholders. Example engagements include:

Represented major technology company in assessing and responding to well-publicized security incident, including assessments of global customer notification obligations and litigation exposure, as well as extensive cooperation with U.S. and foreign law enforcement.
Assisted large manufacturer in responding to security incident stemming from Internet-connected devices provided by third parties, including assessments of potential legal liabilities and assistance with government agency investigations.
Counseled major government contractor in assessing customer notification obligations associated with large exfiltration of company data to a foreign nation.
Advised international manufacturer and government contractor regarding crisis management strategy in response to security vulnerability disclosure.
Counseled non-government organization in investigating and remediating security incident implicating personally identifiable information (PII), as well as leading required individual and state Attorney General notifications.
Led large research organization’s response to ransomware incident, including forensic investigation, assessment of customer and employee notification obligations, and regulator outreach.

Investigations, Litigation, and Arbitration

In addition to her counseling practice, Kate maintains a steady docket of dispute resolution matters. Recent engagements include:

Represented multiple health care plans in regulatory investigations instituted by The Department of Health & Human Services Office of Civil Rights in response to privacy and security incidents.
Represented large non-profit organization and technology services provider in response to state Attorney General inquiries stemming from security incidents.
Defended health care system in complex class actions stemming from security incident potentially affecting over 4.5 million individuals.
Defended former federal official regarding Bivens liability stemming from post-9/11 PENTTBOM investigation at the trial level and on appeal, including before the Supreme Court of the United States in Ziglar v. Abbasi.
Defended acting foreign official from allegations of terrorism.
Pursued indemnification claim under Public Law 85-804 on behalf of major defense contractor.
Defended Medicare Advantage organization at both the trial and appellate levels in dispute brought by multiple health providers over the exhaustion of administrative remedies.
Defended Blue Cross and Blue Shield companies in national and statewide class actions asserting antitrust claims.
Represented multiple manufacturers in pursuing trade secret misappropriation claims in federal and state courts.
Represented international hospitality company in federal litigation and related arbitration regarding claims of unfair competition and misappropriation of trade secrets.
Represented software service provider in arbitration regarding contractual and unauthorized access claims, including those brought under the Computer Fraud & Abuse Act (CFAA).

Privacy and Cybersecurity Counseling

Kate also regularly counsels clients on a variety of privacy and information security issues, including:

Artificial intelligence (AI) and big data
Autonomous vehicles (AVs)
California’s Confidentiality of Medical Information Act (CMIA)
Cloud migration and other digital transformation initiatives
Europe’s General Data Protection Regulation (GDPR)
Family Educational Rights and Privacy Act (FERPA)
Health Insurance Portability and Accountability Act (HIPAA)
Internet of Things (IoT)
New York’s Department of Financial Services (DFS) Cybersecurity Requirements
Payment Card Industry Data Security Standard (PCI DSS)
Penetration testing
UAS/UAV (“drone”) regulations

Affiliations

Admitted to practice: District of Columbia and Virginia; U.S. Supreme Court

Highlights, News & Knowledge

View latest items by date

Speeches & Presentations

"A Mountain of Requirements: Cybersecurity and Privacy for Contractors," Crowell & Moring's Ounce of Prevention Seminar (OOPS) 2019, Washington, DC (May 8, 2019). Moderator: Kate M. Growley; Speakers: Evan D. Wolff and Peter B. Miller.
"Cybersecurity Developments Affecting Government Contracting," ABA's 25th Annual Federal Procurement Institute, Annapolis, MD (March 14, 2019). Panelist: Kate M. Growley.
"Smart Technologies and Privacy," American Bar Association 2018 Women in Products Liability Regional CLE Program, Washington, D.C. (October 25, 2018). Presenter: Kate M. Growley.
"Cybersecurity for Contractors," Government Contracts "101" - Back to Basics, Washington, D.C. (October 10, 2018). Presenters: Evan D. Wolff and Kate M. Growley.
"GDPR and Beyond," Crowell & Moring's Government Contracts Breakfast Series, McLean, VA (September 19, 2018). Presenters: Adelicia R. Cliffe, Evan D. Wolff Maria, Alejandra (Jana) del-Cerro, and Kate M. Growley.
"What Will the New Year Bring: Top Headlines, Headaches, and Developments for Government Contractors to Watch in 2018," Crowell & Moring Webinar (January 25, 2018). Presenters: Crowell & Moring Government Contracts Group.
"Intellectual Property, Information Technology and Cybersecurity," PubKGroup's 3rd Annual Year In Review Webinar (December 7, 2017). Panelist: Nicole Owren-West and Kate M. Growley.
"Cybersecurity for Contractors," Government Contracts "101" - Back to Basics, Washington, D.C. (October 26, 2017). Presenters: Paul M. Rosen, Evan D. Wolff and Kate M. Growley.
"Cyber and Information Technology Compliance and Lessons Learned," CIECI 2017 Best Practices Forum, Denver, CO (October 9, 2017). Panelist: Kate M. Growley.
"Information Governance & Cybersecurity," Women in E-Discovery, Washington, D.C. (September 20, 2017). Panelist: Kate M. Growley.
"Hurry-Up Offense: Keeping Pace with Information Security and Privacy," OOPS 2017, Crowell & Moring's 33rd Annual Ounce of Prevention Seminar, Washington, D.C. (May 4, 2017). Presenters: Peter B. Miller, Paul M. Rosen, Evan D. Wolff, and Kate M. Growley.
"The Trump Administration's Acquisition Policy Agenda," The Coalition for Government Procurement Webinar (March 15, 2017). Presenters: Robert A. Burton, Stephen J. McBrady, and Kate M. Growley.
ABA Public Contract Law Section’s 3rd Annual Government Perspectives Panel on Cybersecurity, Washington, D.C. (February 22, 2017). Moderator: Kate M. Growley.
"What Will the New Year (and Administration) Bring for Government Contractors?" Crowell & Moring First 100 Days Webinar, Washington, D.C. (January 25, 2017). Presenters: Crowell & Moring Government Contracts Group.
"The Incoming Administration's Acquisition Policy Focus: Analysis & Commentary," 2016 Fall Training Conference, The Coalition for Government Procurement, Washington, D.C. (November 17, 2016). Presenters: Robert A. Burton, Stephen J. McBrady, and Kate M. Growley.
"Legal Careers in Cybersecurity, Privacy, and Information Law: An Evening of Networking and Discussions with the Experts on How They Arrived," American Bar Association Cross-Section Program (October 13, 2016). Moderators: David Z. Bodenheimer and Kate M. Growley. Speaker: Cheryl A. Falvey.
"Cybersecurity Table Top for a Congressional Cyber Security Lab Program," Wilson Center, Washington, D.C. (June 10, 2016). Moderator: Evan D. Wolff. Facilitators: Peter B. Miller, Harvey Rishikof, Maida Oringher Lerner, Elliot Golding, and Kate Growley.
"Regulating Information: Cybersecurity, Internet of Things, & Exploding Rules," OOPS 2016, Crowell & Moring's 32nd Annual Ounce of Prevention Seminar, Washington, D.C. (May 25-26, 2016). Moderator: David Z. Bodenheimer. Panelists: Evan D. Wolff and Kate M. Growley.
"Federal Contracting and Cybersecurity: What Higher Education Institutions Need to Know," Webinar (March 3, 2016). Panelists: Laurel Pyke Malson, Evan D. Wolff, Lorraine M. Campos, Harvey Rishikof and Kate M. Growley.
"What Will the New Year Bring," Crowell & Moring Webinar, Washington, D.C. (January 14, 2016). Presenters: Crowell & Moring Government Contracts Group.
"Government Contracting on the Cybersecurity Frontier: Cyber Landmines, Compliance Risks, and Emerging Rules," American Bar Association Webinar (December 17, 2015). Presenters: David Z. Bodenheimer and Kate M. Growley.
"Understanding Drone Privacy Law Regarding Unmanned Aerial Vehicles (UAVs)," ABA Webinar (December 1, 2015). Moderator: Kate M. Growley.
"Cybersecurity," Women in eDiscovery, Washington, D.C. (October 21, 2015). Presenter: Kate M. Growley.
"Cybersecurity & Data Privacy: Tackling Tough Questions for Federal Agencies & Contractors," Thompson Interactive Webinar (May 7, 2015). Presenters: Kate M. Growley, Gordon Griffin, Yuan Zhou, and Sharmistha Das.
"Cybersecurity Risk Management: The View from Washington and Beyond," OOPS 2015, Crowell & Moring's 31st Annual Ounce of Prevention Seminar, Washington, D.C. (May 5-6, 2015). Moderator: Peter B. Miller; Panelists: Evan D. Wolff, Maida Oringher Lerner, and Kate M. Growley.
"Cybersecurity and Government Contracting: Regulations, Implications and Compliance," Federal Publications Seminars, Washington, D.C. (April 14, 2015). Presenters: David Z. Bodenheimer, Kate M. Growley, Yuan Zhou, and Sharmistha Das.
"Issues Relating to Cybersecurity Rules Affecting Government Contractors," ABA Public Contract Law Section Council Meeting, Washington, D.C. (March 14, 2015). Speaker: Kate M. Growley.
"ABA Young Leaders on Cybersecurity, Privacy, & Information Law: Rapid-Fire Retrospectives on 2014 and Predictions for 2015," ABA's PCL and SciTech Sections, teleconference (December 8, 2014). Panelists: Elliot Golding and Kate M. Growley.
"Cyber Crisis Management: Are You Prepared?" OOPS 2014, Crowell & Moring's 30th Annual Ounce of Prevention Seminar, Washington, D.C. (May 13-14, 2014). Moderator: Evan D. Wolff; Presenters: David Z. Bodenheimer, Kelly T. Currie, and Kate M. Growley.
"Cybersecurity and Data Privacy in 2013: Contracting in a Time of Increased Scrutiny," L2 Federal Resources Webinar (September 19, 2013). Presenters: Gordon Griffin, Elliot Golding, Amelia Schmidt, and Kate Molony.
“Issues in Cybersecurity,” Lecture at University of Virginia’s Sorensen Institute Political Leaders Program (July 13, 2013). Presenters: Kate Molony and Dr. Steven Bucci of the Heritage Foundation.
"Cybersecurity for the Next Generation of Government Contractors," Presentation to L2's NextGen Government Contractors Association (April 30, 2013). Presenters: David Z. Bodenheimer, Gordon Griffin, and Kate Molony.

Publications

"Seventh Circuit Wades into Big Data Case Law," Crowell & Moring's Data Law Insights (March 28, 2019). Authors: Paul M. Rosen, Kate M. Growley, CIPP/G, CIPP/US and Joanne Oleksyk.
"Government Contracts – Battening Down the Hatches on Cybersecurity," Crowell & Moring's Regulatory Forecast 2019 (February 27, 2019). Contributors: Evan D. Wolff and Kate M. Growley.
"DoD Increases DCMA Cybersecurity Responsibilities: DCMA to Implement and Assess Company-Wide Cyber Compliance," Crowell & Moring's Government Contracts Legal Forum (February 21, 2019). Authors: Evan D. Wolff, Kate M. Growley, CIPP/G, CIPP/US, Michael G. Gruden, CIPP/G, Payal Nanavati and Judy Choi.
"NIST Surveys and Assesses Broad Landscape of IoT Cybersecurity Standards in Interagency Report," Crowell & Moring's Data Law Insights (December 26, 2018). Authors: Cheryl A. Falvey, Gabriel M. Ramsey, Kate M. Growley, CIPP/G, CIPP/US and Paul Mathis.
"SEC Encourages Internal Accounting Controls to Guard Against Cyber Fraud ," Crowell & Moring's Data Law Insights (November 8, 2018). Authors: Paul M. Rosen, Daniel L. Zelenko, Kate M. Growley, CIPP/G, CIPP/US, Michael G. Gruden, CIPP/G and Paul Mathis.
"NIST Offers Insight Into Updated Risk Management Framework," Crowell & Moring's Data Law Insights (October 30, 2018). Authors: Peter B. Miller, Kate M. Growley and Michael G. Gruden.
"Navy Boils The Ocean on Cyber," Crowell & Moring's Data Law Insights (October 24, 2018). Authors: Evan D. Wolff, Kate M. Growley and Michael G. Gruden.
"New Internet of Things (IoT) NIST Draft Publication Provides Welcomed Guidance," Crowell & Moring's Data Law Insights (October 17, 2018). Authors: Cheryl A. Falvey, Kate M. Growley and Michael G. Gruden.
"Finally, Cyber Help For Small Businesses Is On Its Way," Law360 (October 1, 2018). Authors: Evan D. Wolff, Paul M. Rosen, Kate M. Growley, and Michael Gruden.
"New Draft NIST Guidance on Systems Security Engineering," Crowell & Moring's Government Contracts Legal Forum (April 24, 2018). Authors: Evan D. Wolff, Peter B. Miller, Maida Oringher Lerner, Kate M. Growley, Judy Choi, Michael G. Gruden and Payal Nanavati.
"State of Play: Digital Transformation – The Sky's the Limit," Crowell & Moring's Regulatory Forecast 2018 (February 2018). Contributors: Cheryl Falvey, Scott Winkelman, Kate Growley, Jeffrey Selman, Jodi Daniel, Evan Wolff, and Robert Holleyman.
"Is Government Data at Risk? Study Finds Industry Cybersecurity Lagging Government," Crowell & Moring's Data Law Insights (February 26, 2018). Authors: Paul M. Rosen, Kate M. Growley and Michael G. Gruden.
"National Archives Issues New, But Limited, CUI Contract Guidance," Crowell & Moring's Data Law Insights (February 8, 2018). Authors: Kate M. Growley and Michael G. Gruden.
"Court Allows Data Breach Claims Against Kimpton," Crowell & Moring's Data Law Insights (April 20, 2017). Authors: Maida Oringher Lerner, Kate M. Growley and Charles D. Austin.
"New OCR Settlement Targets Safety Net Provider on Security Rule Deficiencies," Crowell & Moring's Data Law Insights (April 14, 2017). Authors: Daniel E. Vinish, Maida Oringher Lerner, Stephanie D. Willis and Kate M. Growley.
"CFAA Conviction for Accessing and Damaging Former Employer’s Computer System," Crowell & Moring's Data Law Insights (March 1, 2017). Authors: Jeffrey L. Poston, Kate M. Growley and Charles Austin.
"Inside NHTSA's Proposed Cybersecurity Best Practices," Law360 (November 15, 2016). Authors: Scott L. Winkelman, Peter B. Miller, Kate M. Growley, Danielle Rowan, and Justin Kingsolver.
"Cleared Contractors Under the Gun as Insider Threat Program Deadline Approaches," Bloomberg BNA Insights (November 11, 2016). Authors: Adelicia R. Cliffe, Kate M. Growley, Maida Oringher Lerner, Peter B. Miller, and Evan D. Wolff.
"Insider Threats Meet Litigation," Crowell & Moring's Data Law Insights (September 27, 2016). Author: Kate M. Growley.
"Government Contractor Argues the Insider Threat," Crowell & Moring's Trade Secrets Trends (September 21, 2016). Authors: Andrew W. Bagley and Kate M. Growley.
"U.S. Chamber of Commerce on Trade Secrets Protections," Crowell & Moring's Data Law Insights (September 21, 2016). Author: Kate M. Growley.
"U.S. Chamber of Commerce Calls for Greater Trade Secrets Protection," Crowell & Moring's Trade Secrets Trends (September 20, 2016). Author: Kate M. Growley.
"2nd Circuit: Government Cannot Force Companies to Hand Over Communications Data Stored Overseas," Crowell & Moring's Data Law Insights (July 15, 2016). Authors: Stephen M. Byers, Jeffrey L. Poston, Evan D. Wolff, Kate M. Growley, and Justin Kingsolver.
"The Foreign Sovereign Immunities Act: 2014 Year in Review," Law and Business Review of the Americas (Summer 2016). Authors: Laurel Pyke Malson, Aryeh S. Portnoy, Emily Alban, Shannon Barnard, Kate M. Growley, and Belinda Liu.
"Privacy & Cybersecurity News Update- 3 Week Summary," Crowell & Moring's Data Law Insights (April 26, 2016). Authors: Lisa Weinert, Peter B. Miller, Kate M. Growley, Danielle Rowan, and Justin Kingsolver.
"Privacy & Cybersecurity Weekly News Update," Crowell & Moring's Data Law Insights (January 8, 2016). Authors: Justin Kingsolver and Kate M. Growley.
"The Foreign Sovereign Immunities Act: 2013 Year in Review," Law and Business Review of the Americas (January 5, 2016). Authors: Laurel Pyke Malson, Aryeh S. Portnoy, Birgit Kurtz, Theresa Buckley, Kate M. Growley, Namrata Kotwani, and Ethan W. Simonowitz.
"Unmanned Aerial Vehicles Flying in the New Frontier: Emerging Acquisition, Security, Privacy, and Technology Issues," American Bar Association (Fall 2015). Authors: David Z. Bodenheimer and Kate M. Growley.
"Privacy-Cybersecurity Weekly News Update December 14-18, 2015," Crowell & Moring's Data Law Insights (December 22, 2015). Authors: Justin Kingsolver and Kate M. Growley.
"Privacy-Cybersecurity Weekly News Update December 6- 11, 2015," Crowell & Moring's Data Law Insights (December 16, 2015). Authors: Kate M. Growley and Justin Kingsolver.
"Hello Barbie (and Lawsuit)" Crowell & Moring's Retail & Consumer Products Law Observer (December 11, 2015). Author: Kate M. Growley.
"Privacy-Cybersecurity Weekly News Update November 29- December 4, 2015," Crowell & Moring's Data Law Insights (December 9, 2015). Authors: Kate M. Growley and Justin Kingsolver.
"U.S.-EU Data Transfer Turmoil: What It Means for Universities," Law360 (November 4, 2015). Authors: Laurel Pyke Malson, Jeffrey L. Poston, Robin B. Campbell, Peter B. Miller, Christopher Hoff, and Kate Growley.
"Interim Rule Could Expand Already Onerous DFARS Cyber Requirements," Crowell & Moring's Data Law Insights (August 27, 2015). Authors: Kate M. Growley, Evan D. Wolff, and Maida Oringher Lerner.
"Interim Rule Could Expand Already Onerous DFARS Cyber Requirements," Crowell & Moring's Government Contracts Legal Forum (August 27, 2015). Authors: Kate M. Growley, Maida Oringher Lerner and Evan D. Wolff.
"What The OMB Cybersecurity Proposal Does And Doesn't Do," Law360 (August 19, 2015). Authors: Kate M. Growley, Peter B. Miller, Maida Oringher Lerner, and Evan D. Wolff.
"Three State Data Breach Laws Set to Change This Summer," Crowell & Moring's Data Law Insights (May 27, 2015). Author: Kate M. Growley.
"Supreme Court to Consider Congressionally-Conferred Privacy Breach Standing," Crowell & Moring's Data Law Insights (April 29, 2015). Authors: Jeffrey L. Poston and Kate M. Growley.
"Resolution 101 – The Senate's Position on the Internet of Things," Crowell & Moring's Retail & Consumer Products Law Observer (April 1, 2015). Co-Authors: Kate M. Growley and Elliot Golding.
"The 'Sense of the Senate' is Pro-Internet of Things," Crowell & Moring's Data Law Insights (March 26, 2015). Co-Authors: Elliot Golding and Kate M. Growley.
"Cyber Executive Order Continues the Push for Public-Private Partnerships," Crowell & Moring's Data Law Insights (February 23, 2015). Authors: Evan D. Wolff, Peter B. Miller, Kate M. Growley, and Maida Oringher Lerner.
The Foreign Sovereign Immunities Act: 2012 Year in Review, Law and Business Review of the Americas, Vol. 20 (Fall 2014). Co-Authors: Laurel Pyke Malson, Jesse Kirchner, Joanna Coyne, Aryeh S. Portnoy, Kate M. Growley, Namrata Kotwani, Amal Bouhabib, Louisa K. Marion, and Moreen O’Brien.
"Industry Collaborations on Cybersecurity: Protecting Against Antitrust Violations," ABA Section of Criminal Justice, Vol. 29, No. 3 (Fall 2014). Co-Authors: Evan D. Wolff, David Laing, Kate M. Growley, and Elizabeth Blumenfeld.
"View From Crowell & Moring: Getting Ahead of the DFARS Safeguarding Clause," Bloomberg BNA Federal Contracts Report (September 9, 2014). Co-Authors: David Z. Bodenheimer, Evan D. Wolff, and Kate M. Growley.
"DOJ and FTC Help Pave the Way For Greater Cyber Information Sharing in the Private Sector," Bloomberg BNA Antitrust & Trade Regulation Report (July 11, 2014). Co-Authors: David Laing, Evan D. Wolff, Elizabeth Blumenfeld, and Kate M. Growley.
"White House Report on Big Data Seeks Legislative and Executive Action," Crowell & Moring's E-Discovery Law Insights (May 6, 2014). Author: Kate M. Growley.
"The FTC 'Pins' Cole Haan on Pinterest Campaign: Disclosure of Contest Driving Endorsement of Products Required," Crowell & Moring's Retail & Consumer Products Law Observer and The Secure Times, ABA Section of Antitrust Law Privacy & Information Security Committee (April 28, 2014). Co-Authors: Cheryl A. Falvey and Kate M. Growley.
"The 'Cyber Framework' Arrives," Crowell & Moring's Government Contracts Legal Forum (February 13, 2014). Co-Authors: David Z. Bodenheimer, Evan D. Wolff, Elliot Golding, and Kate M. Growley.
"The Growing Transparency Into National Security Letters," The Secure Times, ABA Section of Antitrust Law Privacy & Information Security Committee (February 6, 2014). Author: Kate M. Growley.
"Amidst a Swirling Privacy Debate, Transparency is Crucial," Crowell & Moring's E-Discovery Law Insights (December 13, 2013). Co-Authors: Kate Molony and Elizabeth Blumenfeld.
"White House Previews Potential Incentives for Voluntary Cyber Framework," Crowell & Moring's Government Contracts Legal Forum (September 11, 2013). Co-Authors: Kate Molony and Elizabeth Blumenfeld.
"Cybersecurity and Data Privacy in 2013: Contracting in a Time of Increased Scrutiny," Crowell & Moring's Government Contracts Legal Forum (August 23, 2013). Author: Kate Molony.
"Cybersecurity and Data Privacy in 2013: Contracting in a Time of Increased Scrutiny," Crowell & Moring's E-Discovery Law Insights (August 23, 2013). Co-Authors: Kate Molony, Gordon Griffin, Amelia Schmidt, and Elliot Golding.
"How Quickly 120 Days Pass – Deadline for Cyber EO," Crowell & Moring's Government Contracts Legal Forum (June 14, 2013). Author: Kate Molony.
"Influential Senators Propose Bipartisan Deter Cyber Theft Act," Crowell & Moring's E-Discovery Law Insights (May 9, 2013). Author: Kate Molony.
"Gagging the FBI – The Unconstitutionality of National Security Letters," Crowell & Moring's E-Discovery Law Insights (April 16, 2013). Author: Kate Molony.
"Cybersecurity Receives Presidential Push with New Cyber Executive Order," Crowell & Moring's Government Contracts Legal Forum (February 14, 2013). Co-Authors: Gordon Griffin, Kate Molony, and David Z. Bodenheimer.
"New Cyber Breach Amendment Raises Questions for Cleared Contractors," Crowell & Moring's Government Contracts Legal Forum (December 10, 2012). Co-Authors: Kate Molony and David Z. Bodenheimer.
"CISPA Faces Uphill Battle," Crowell & Moring's Government Contracts Legal Forum (May 9, 2012). Author: Kate Molony.
The Foreign Sovereign Immunities Act: 2010 Year in Review, Law and Business Review of the Americas (Spring 2012). Co-Authors: Aryeh S. Portnoy, Laurel Pyke Malson, Moreen O’Brien, Jesse J. Kirchner, Amal Bouhabib, Louisa Marion, and Kate M. Growley.
"Proposed Defense Budget Reflects National Security Priorities," Crowell & Moring's Government Contracts Legal Forum (February 9, 2012). Author: Kate Molony.

Client Alerts & Newsletters

"Double Whammy: NIST Unveils Draft Enhanced Security Requirements and Revisions to NIST SP 800-171," Government Contracts Bullet Points (June 21, 2019). Contacts: Kate M. Growley, CIPP/G, CIPP/US, Evan D. Wolff, Maida Oringher Lerner, Michael G. Gruden, CIPP/G
"DoD Previews New Third-Party Cyber Certification Requirements," Government Contracts Bullet Points (June 17, 2019). Contacts: Evan D. Wolff, Maida Oringher Lerner, Kate M. Growley, CIPP/G, CIPP/US, Michael G. Gruden, CIPP/G
"Oregon Latest State to Require Reasonable Security for IoT Devices," Regulatory Alert (June 7, 2019). Contacts: Kate M. Growley, CIPP/G, CIPP/US, Cheryl A. Falvey, Lee Matheson, CIPP/US/E/A, CIPM, PCIP
"The U.S. Announces Endorsement of OECD’s Principles for Responsible AI," Government Contracts Bullet Points (June 4, 2019). Contacts: Kris D. Meade, Rebecca L. Springer, Kate M. Growley, CIPP/G, CIPP/US, Laura J. Mitchell Baker, Michelle D. Coleman
"More Storms Ahead for the Defense Sector Supply Chain? GAO to Conduct Review of Climate Change-Driven Security Risks," Government Contracts Bullet Points (May 29, 2019). Contacts: Paul Freeman, Robert Meyers, Adelicia R. Cliffe, Kate M. Growley, CIPP/G, CIPP/US, Peter Eyre
"New Executive Order on IT Supply Chain Takes Aim at Huawei and Others, Poses Significant Implications for Government Contract Supply Chains," Government Contracts Bullet Points (May 16, 2019). Contacts: Paul Freeman, Adelicia R. Cliffe, Peter Eyre, Kate M. Growley, CIPP/G, CIPP/US, Evan D. Wolff
"New Jersey Passes Updated Data Breach Law," Privacy Law Alert (May 16, 2019). Contacts: Kate M. Growley, CIPP/G, CIPP/US, Rebecca Monck Ricigliano, Lee Matheson, CIPP/US/E/A, CIPM, PCIP
"Navy Identifies Defense Industrial Base Cyber Shortcomings in New Report," Government Contracts Bullet Points (March 22, 2019). Contacts: Kate M. Growley, CIPP/G, CIPP/US, Evan D. Wolff, Maida Oringher Lerner, Michael G. Gruden, CIPP/G
"DCMA’s Cybersecurity Oversight Takes Shape: Revised CPSR Guidebook Outlines DFARS Safeguarding Clause Audit Standards," Government Contracts Bullet Points (March 6, 2019). Contacts: Kate M. Growley, CIPP/G, CIPP/US, Evan D. Wolff, Maida Oringher Lerner, Christopher D. Garcia, Nicole Owren-Wiest, Michael G. Gruden, CIPP/G
"The U.S. Takes Steps to Ensure Its Dominance in the AI Arms Race," Government Contracts Bullet Points (February 15, 2019). Contacts: Adelicia R. Cliffe, Kate M. Growley, CIPP/G, CIPP/US, Evan D. Wolff, Laura J. Mitchell Baker, Michelle D. Coleman
"Upping the Cyber Oversight Ante: DoD Deploys DCMA to Audit Contractor Supply Chain Compliance," Government Contracts Bullet Points (January 28, 2019). Contacts: Kate M. Growley, CIPP/G, CIPP/US, Evan D. Wolff, Maida Oringher Lerner, Nicole Owren-Wiest, Michael G. Gruden, CIPP/G
"California Department of Justice Announces Public Forums on California Consumer Privacy Act (CCPA) as Part of Rulemaking Process," Privacy Law Alert (January 4, 2019). Contacts: Jeffrey L. Poston, Kate M. Growley, CIPP/G, CIPP/US, Kristin J. Madigan, CIPP/US, Paul M. Rosen
"Lessons From the House Report on the Equifax Breach," Privacy Law Alert (December 20, 2018). Contacts: Jeffrey L. Poston, Kate M. Growley, CIPP/G, CIPP/US, Evan D. Wolff, Kristin J. Madigan, CIPP/US, Paul M. Rosen, Lee Matheson, CIPP/US/E/A, CIPM, PCIP
"DoD's Own Cyber Monday Deal: Releasing DFARS Cyber Enhancement Guidance," Government Contracts Bullet Points (November 27, 2018). Contacts: Kate M. Growley, CIPP/G, CIPP/US, Evan D. Wolff, Maida Oringher Lerner, Michael G. Gruden, CIPP/G
"Navy Makes Waves By Increasing Cybersecurity Requirements for Select Defense Industrial Base Contractors," Government Contracts Bullet Points (November 1, 2018). Contacts: Kate M. Growley, CIPP/G, CIPP/US, Evan D. Wolff, Michael G. Gruden, CIPP/G
"New National Cyber Strategy Outlines President's Cyber Agenda," Privacy Law Alert (October 5, 2018). Contacts: Evan D. Wolff, Paul M. Rosen, Kate M. Growley, CIPP/G, CIPP/US, Michael G. Gruden, CIPP/G, Lee Matheson, CIPP/US/E/A, CIPM, PCIP
"California Enacts First IoT Security Law in U.S.," Regulatory Alert (October 2, 2018). Contacts: Kate M. Growley, CIPP/G, CIPP/US, Cheryl A. Falvey, Molly A. Jones
"Finally Heard – Cyber Help for Small Businesses is on Its Way," Government Contracts Bullet Points (August 22, 2018). Contacts: Evan D. Wolff, Paul M. Rosen, Kate M. Growley, CIPP/G, CIPP/US, Michael G. Gruden, CIPP/G
"FY 2019 NDAA – Cyber Focus," Government Contracts Bullet Points (August 20, 2018). Contacts: Evan D. Wolff, Paul M. Rosen, Maida Oringher Lerner, Kate M. Growley, CIPP/G, CIPP/US, Michael G. Gruden, CIPP/G
"Deliver Uncompromised – or Else? DoD Considers Elevating Security in its Procurement Process," Government Contracts Bullet Points (August 14, 2018). Contacts: Adelicia R. Cliffe, Peter Eyre, Paul M. Rosen, Evan D. Wolff, Kate M. Growley, CIPP/G, CIPP/US
"Legislation to Stop Threatening Drones in Their Tracks," Privacy Law Alert (July 31, 2018). Contacts: Cheryl A. Falvey, Adelicia R. Cliffe, Maria Alejandra (Jana) del-Cerro, Kate M. Growley, CIPP/G, CIPP/US, Stephanie L. Crawford
"Relying On 'Seismic Shifts In Digital Technology,' Supreme Court Requires Probable Cause For Historical Cellphone-Location Data," White Collar Alert (June 25, 2018). Contacts: Kate M. Growley, CIPP/G, CIPP/US, Nimrod Haim Aviad, Christopher D. Garcia, Paul M. Rosen, Rebecca Monck Ricigliano, Matt Gander
"NIST Offers a Two-for-One Special on Cybersecurity Updates," Government Contracts Bullet Points (June 20, 2018). Contacts: Paul M. Rosen, Evan D. Wolff, Maida Oringher Lerner, Kate M. Growley, CIPP/G, CIPP/US, Michael G. Gruden, CIPP/G
"Forget The Showers. April Brings Flurry of New Cyber Guidance.," Government Contracts Bullet Points (May 1, 2018). Contacts: Kate M. Growley, CIPP/G, CIPP/US, Evan D. Wolff, Maida Oringher Lerner, Michael G. Gruden, CIPP/G
"Final Draft of NIST SP 800-171A Gives Contractors Something to Sample," Government Contracts Bullet Points (March 1, 2018). Contacts: Kate M. Growley, CIPP/G, CIPP/US, Evan D. Wolff, Maida Oringher Lerner, Michael G. Gruden, CIPP/G
"National Archives Issues Non-FAR-Based Guidance for Controlled Unclassified Information," Government Contracts Bullet Points (February 13, 2018). Contacts: Michael G. Gruden, CIPP/G, Evan D. Wolff, Paul M. Rosen, Kate M. Growley, CIPP/G, CIPP/US
"No Post-Thanksgiving Break for Cyber – DoD and NIST Publish New Guidance," Government Contracts Bullet Points (December 1, 2017). Contacts: Kate M. Growley, CIPP/G, CIPP/US, Evan D. Wolff, Paul M. Rosen, Michael G. Gruden, CIPP/G
"Gag Orders on Tech Companies: A Higher Burden on Prosecutors," Privacy Law Alert (November 20, 2017). Contacts: Kate M. Growley, CIPP/G, CIPP/US, Christopher D. Garcia, Paul M. Rosen
"DOT and NHTSA Release New “2.0” Guidance for Automated Vehicles ," (September 14, 2017). Contacts: Paul M. Rosen, Matthew Cohen, Kate M. Growley, CIPP/G, CIPP/US
"DoD Meets Contractors Half-Way at Industry Information Day," Government Contracts Bullet Points (June 28, 2017). Contacts: Evan D. Wolff, Paul M. Rosen, Maida Oringher Lerner, Kate M. Growley, CIPP/G, CIPP/US
"Home Depot Settles Major Data Breach Suit with Financial Institutions for $25 Million," Privacy Law Alert (March 13, 2017). Contacts: Justin Kingsolver, Maida Oringher Lerner, Kate M. Growley, CIPP/G, CIPP/US
"This Month in International Trade — February 2017," International Trade Bulletin (March 9, 2017). Contacts: John B. Brew, Frances P. Hadfield, Edward Goetz, Melissa Morris, Jeffrey L. Snyder, Carlton Greene, David (Dj) Wolff, Ian A. Laird, Lorraine M. Campos, Evan D. Wolff, Maida Oringher Lerner, Kate M. Growley, CIPP/G, CIPP/US, Eduardo Mathison
"NYDFS Implements First-In-The-Nation Cybersecurity Rule for Covered Financial Services Companies," (February 28, 2017). Contacts: Evan D. Wolff, Carlton Greene, Maida Oringher Lerner, Kate M. Growley, CIPP/G, CIPP/US
"Beating Others to the Punch, DHS Proposes CUI Changes to Acquisition Regulations," Government Contracts Bullet Points (February 7, 2017). Contacts: Daniel R. Forman, Evan D. Wolff, Kate M. Growley, CIPP/G, CIPP/US
"Executive Order Targets Privacy Protections for Non-U.S. Persons," Privacy Law Alert (February 2, 2017). Contacts: Jeffrey L. Poston, Evan D. Wolff, Frederik Van Remoortel, Kate M. Growley, CIPP/G, CIPP/US
"NIST Updates Cybersecurity Framework (CSF)," Privacy Law Alert (January 18, 2017). Contacts: Evan D. Wolff, Maida Oringher Lerner, Kate M. Growley, CIPP/G, CIPP/US, Matthew B. Welling
"Standardizing Federal PII Breach Response: OMB Updates Guidance for Agencies, Contractors, and Grant Recipients," Government Contracts Bullet Points (January 11, 2017). Contacts: Peter B. Miller, CIPP/G/US/E, CIPM, CIPT, Kate M. Growley, CIPP/G, CIPP/US, Nkechi Kanu
"Privacy for Everyone! New FAR Rule Imposes Mandatory Training Requirements for Employees Handling PII," Government Contracts Bullet Points (December 28, 2016). Contacts: Gail D. Zirkelbach, Peter Eyre, Evan D. Wolff, Maida Oringher Lerner, Kate M. Growley, CIPP/G, CIPP/US, Nkechi Kanu
"Cleared Contractors Under the Gun As Insider Threat Program Deadline Approaches," Government Contracts Bullet Points (November 17, 2016). Contacts: Adelicia R. Cliffe, Kate M. Growley, CIPP/G, CIPP/US, Maida Oringher Lerner, Peter B. Miller, CIPP/G/US/E, CIPM, CIPT, Evan D. Wolff
"NHTSA Proposes Cybersecurity Best Practices for Automakers," Privacy Law Alert (November 1, 2016). Contacts: Scott L. Winkelman, Peter B. Miller, CIPP/G/US/E, CIPM, CIPT, Danielle Rowan, Justin Kingsolver, Kate M. Growley, CIPP/G, CIPP/US
"The Wait Is Over: Final DFARS Safeguarding Rule Published Today," Government Contracts Bullet Points (October 21, 2016). Contacts: Evan D. Wolff, David Z. Bodenheimer, Maida Oringher Lerner, Kate M. Growley, CIPP/G, CIPP/US
"Cyber Commission Seeks Public Comments on Enhancing Cybersecurity in the Digital Economy," Privacy Law Alert (August 12, 2016). Contacts: Evan D. Wolff, Maida Oringher Lerner, Peter B. Miller, CIPP/G/US/E, CIPM, CIPT, Kate M. Growley, CIPP/G, CIPP/US
"Presidential Policy Directive Lays Groundwork for National Incident Response Plan," Privacy Law Alert (July 28, 2016). Contacts: Evan D. Wolff, Jeffrey L. Poston, Maida Oringher Lerner, Peter B. Miller, CIPP/G/US/E, CIPM, CIPT, Kate M. Growley, CIPP/G, CIPP/US, Charles Baek
"Setting the Floor: New FAR Rule Defines Minimum Contractor Information System Safeguarding," Government Contracts Bullet Points (May 17, 2016). Contacts: David Z. Bodenheimer, Alan W. H. Gourley, Evan D. Wolff, Maida Oringher Lerner, Kate M. Growley, CIPP/G, CIPP/US
"The Federal and Corporate Cybersecurity Landscape," Government Contracts Bullet Points (February 22, 2016). Contacts: Evan D. Wolff, Kate M. Growley, CIPP/G, CIPP/US
"President's Cyber Action Plan Once Again Spotlights the Private Sector," Privacy Law Alert (February 10, 2016). Contacts: Evan D. Wolff, Kate M. Growley, CIPP/G, CIPP/US, Maida Oringher Lerner, Peter B. Miller, CIPP/G/US/E, CIPM, CIPT, Matthew B. Welling
"DoD's New Year's Gift: More Time to Meet Cyber Safeguarding Requirements," Government Contracts Bullet Points (December 30, 2015). Contacts: Evan D. Wolff, David Z. Bodenheimer, Kate M. Growley, CIPP/G, CIPP/US
"White House Issues Cybersecurity Plan for Agencies and Contractors," Government Contracts Bullet Points (November 3, 2015). Contacts: Peter Eyre, Kate M. Growley, CIPP/G, CIPP/US, Evan D. Wolff, Peter B. Miller, CIPP/G/US/E, CIPM, CIPT
"EU-U.S. Data Transfer Turmoil: What It Means for Colleges and Universities," Privacy Law Alert (November 2, 2015). Contacts: Laurel Pyke Malson, Jeffrey L. Poston, Peter B. Miller, CIPP/G/US/E, CIPM, CIPT, Kate M. Growley, CIPP/G, CIPP/US
"Final Rule on Supply Chain Risk Fails to Provide Additional Guidance, Protection, or Relief from Uncertain Application," Government Contracts Bullet Points (November 2, 2015). Contacts: Alan W. H. Gourley, Adelicia R. Cliffe, Kate M. Growley, CIPP/G, CIPP/US, Evan D. Wolff
"DoD Issues Long-Awaited Interim Rule on Cyber Requirements and Cloud Services," Government Contracts Bullet Points (September 3, 2015). Contacts: David Z. Bodenheimer, Evan D. Wolff, Peter Eyre, Maida Oringher Lerner, Kate M. Growley, CIPP/G, CIPP/US, Olivia Lynch
"What the OMB Cybersecurity Proposal Does and Doesn't Do," Government Contracts Bullet Points (August 28, 2015). Contacts: Evan D. Wolff, Peter B. Miller, CIPP/G/US/E, CIPM, CIPT, Maida Oringher Lerner, Kate M. Growley, CIPP/G, CIPP/US
"Third Circuit Upholds the FTC's Authority to Regulate 'Unfair' Data Security Practices," Privacy Law Alert (August 26, 2015). Contacts: Jeffrey L. Poston, Christopher A. Cole, Peter B. Miller, CIPP/G/US/E, CIPM, CIPT, Kate M. Growley, CIPP/G, CIPP/US
"Economic Espionage Poses Real Risks and New Burdens for Universities," Privacy Law Alert (July 6, 2015). Contacts: Laurel Pyke Malson, Evan D. Wolff, Maida Oringher Lerner, Kate M. Growley, CIPP/G, CIPP/US
"Inching Towards Uniformity – Proposed Rule Governing Controlled Unclassified Information," Government Contracts Bullet Points (May 14, 2015). Contacts: Alan W. H. Gourley, Maida Oringher Lerner, Kate M. Growley, CIPP/G, CIPP/US
"Cyber Executive Order Continues the Push for Public-Private Partnerships," Privacy Law Alert (February 20, 2015). Contacts: Evan D. Wolff, Maida Oringher Lerner, Peter B. Miller, CIPP/G/US/E, CIPM, CIPT, Kate M. Growley, CIPP/G, CIPP/US
"Are You Cyber Secure Under the DFARS Rule?," Government Contracts Bullet Points (September 17, 2014). Contacts: David Z. Bodenheimer, Evan D. Wolff, Kate M. Growley, CIPP/G, CIPP/US
"Florida Paves the Way For More Stringent State Data Breach Laws," Privacy Law Alert (June 26, 2014). Contacts: Jeffrey L. Poston, Evan D. Wolff, Kate M. Growley, CIPP/G, CIPP/US
"Another University Data Breach Adds to Growing Trend," Regulatory Alert (February 20, 2014). Contacts: Jeffrey L. Poston, Laurel Pyke Malson, Evan D. Wolff, Kate M. Growley, CIPP/G, CIPP/US
"NIST Releases Cybersecurity Framework," Government Contracts Bullet Points (February 12, 2014). Contacts: David Z. Bodenheimer, Evan D. Wolff, Kate M. Growley, CIPP/G, CIPP/US
"Cybersecurity Gets a Presidential Push in New EO," Government Contracts Bullet Points (February 14, 2013). Contacts: David Z. Bodenheimer, Jonathan M. Baker, Kate M. Growley, CIPP/G, CIPP/US

In the News

Pentagon To Require New Cybersecurity 'Certification' From Defense Contractors
May 31, 2019 — Inside Defense
What Contractors Should Expect From The Trump Administration
January 27, 2017 — Federal News Radio
Rule Targets Contractors' Use of Controlled Unclassified Info
November 8, 2016 — Bloomberg BNA
Insights From the Women of Cybersecurity
Spring 2016 — American Bar Association
The Federal and Corporate Cybersecurity Landscape
February 10, 2016 — Federal News Radio
5 Things Contractors Should Care About in 2016
January 18, 2016 — Federal News Radio
Government Contracts Group of the Year: Crowell & Moring
January 6, 2016 — Law360
Expert Tells Federal Contractors to Play It Safe, Invest in Compliance
May 12, 2015 — Bloomberg BNA
Defense Contractors Don't Want to Say When They've Been Hacked
December 13, 2012 — Mother Jones

Firm News & Announcements

Aug.22.2018	Crowell & Moring Counsel Kate Growley Named a Law360 2018 Cybersecurity & Privacy 'Rising Star'
Jan.09.2017	Crowell & Moring Elects Six New Partners and Promotes 19 Associates to Counsel
Jan.09.2015	Crowell & Moring's Government Contracts Group Named to Law360's "Practice Groups of the Year" for Fifth Consecutive Year
Jun.05.2014	Crowell & Moring Releases "Data Law Trends & Developments" Report