Kate M. Growley, Counsel Washington, D.C.
kgrowley@crowell.com
Phone: +1 202.624.2698
1001 Pennsylvania Avenue NW
Washington, DC 20004-2595

Kate M. Growley is a counsel in the Washington, D.C. office of Crowell & Moring, where she is a member of the firm's Privacy & Cybersecurity, Government Contracts, and Litigation groups. Her practice covers a wide range of counseling and litigation engagements, including cybersecurity compliance reviews, risk assessments, incident response, law enforcement cooperation, regulatory investigations, data breach class actions, trade secrets litigation, and health care disputes.

Kate is a Certified Information Privacy Professional/United States (CIPP/US) and has been named a “Rising Star” by the American Bar Association's Science & Technology Section. She also serves as co-chair of the Science & Technology Section's Homeland Security Committee and as vice-chair of the Public Contract Law Section’s Cybersecurity, Privacy, & Data Protection Committee. These leadership roles enable her to stay abreast of the latest trends and developments within her practice areas. Additionally, she is an award-winning author and frequent public speaker, and she regularly trains clients, regulators, and other attorneys on cyber and data security issues.

Kate is an active leader within Crowell & Moring, supporting countless firm initiatives, including serving as co-chair of the firm's Women Attorneys' Network.

She received her J.D. from the University of Virginia School of Law, where her studies focused on national security. Prior to law school, she graduated first in her class from Florida State University, summa cum laude with honors.

Kate’s select engagements include:

Government Contracts Cybersecurity

  • Engaged in long-term partnerships with various defense contractors to craft and implement strategies for compliance with DFARS 252.204-7012, including initial gap assessments and subsequent remediation plans.
  • Assisted dozens of clients assess and comply with reporting obligations under DFARS 252.204-7012.
  • Counseled clients on compliance with basic safeguarding requirements under FAR 52.204-21 and privacy training requirements under FAR 52-224.3.
  • Assisted multiple clients conduct gap assessments under NIST SP 800-171 and NIST SP 800-53.
  • Counseled clients on cloud service provider obligations under DFARS 252.204-7012 and DFARS 252.239-7010.
  • Assisted major contractor evaluate potential disclosure obligations associated with subcontractor’s failure to implement various cybersecurity measures.
  • Assisted contractor evaluate multiple agencies’ cybersecurity requirements associated with overseas operations.
  • Counseled multiple contractors on information security programs focused on Covered Defense Information (CDI), Controlled Unclassified Information (CUI), and Sensitive Security Information (SSI).
  • Assisted multiple contractors evaluate entry into the Defense Industrial Base (DIB) Cybersecurity Information Sharing Program.

Incident Response

  • Represented major technology company in assessing and responding to well-publicized security incident, including assessments of customer notification obligations and litigation exposure, as well as regular engagement with U.S. and foreign law enforcement.
  • Assisted large manufacturer in assessing legal liabilities and government investigation associated with security incident stemming from Internet-connected devices provided by third parties.
  • Counseled major contractor in assessing notification obligations associated with large exfiltration of company data to a foreign nation.
  • Counseled non-government organization investigate and remediate security incident implicating personally identifiable information, as well as leading required individual and state Attorney General notifications.

Investigations, Litigation, and Arbitration

  • Represented multiple health care plans in regulatory investigations instituted by The Department of Health & Human Services Office of Civil Rights in response to privacy and security incidents.
  • Represented large non-profit organization in response to state Attorney General inquiry stemming from security incident.
  • Defended health care system in complex class actions stemming from security incident potentially affecting over 4.5 million individuals.
  • Defended former federal official regarding Bivens liability stemming from post-9/11 PENTTBOM investigation at both the Second Circuit and Supreme Court of the United States.
  • Defended Medicare Advantage organization in dispute brought by multiple health providers over the exhaustion of administrative remedies.
  • Defended Blue Cross and Blue Shield companies in national and statewide class actions asserting antitrust claims.
  • Represented multiple manufacturers in pursuing trade secret misappropriation claims in federal and state courts.
  • Represented software service provider in arbitration against competitor regarding contractual and unauthorized access claims.

Privacy and Cybersecurity Counseling


Kate also regularly counsels clients on a variety of privacy and information security issues, including:
  • Autonomous vehicles (AVs)
  • California’s Confidentiality of Medical Information Act (CMIA)
  • Family Educational Rights and Privacy Act (FERPA)
  • Health Insurance Portability and Accountability Act (HIPAA)
  • Internet of Things (IoT)
  • New York’s Department of Financial Services (DFS) Cybersecurity Requirements
  • Payment Card Industry Data Security Standard (PCI DSS)
  • Penetration testing
  • Supply chain and vendor management
  • UAS/UAV (“drone”) regulations


Affiliations

Admitted to practice: District of Columbia and Virginia; U.S. Supreme Court



Highlights, News & Knowledge


Speeches & Presentations

  • "Cybersecurity for Contractors," Government Contracts "101" - Back to Basics, Washington, D.C. (October 26, 2017). Presenters: Paul M. Rosen, Evan D. Wolff and Kate M. Growley.
  • "Information Governance & Cybersecurity," Women in E-Discovery, Washington, D.C. (September 20, 2017). Panelist: Kate M. Growley.
  • "Hurry-Up Offense: Keeping Pace with Information Security and Privacy," OOPS 2017, Crowell & Moring's 33rd Annual Ounce of Prevention Seminar, Washington, D.C. (May 4, 2017). Presenters: Peter B. Miller, Paul M. Rosen, Evan D. Wolff, and Kate M. Growley.
  • "The Trump Administration's Acquisition Policy Agenda," The Coalition for Government Procurement Webinar (March 15, 2017). Presenters: Robert A. Burton, Stephen J. McBrady, and Kate M. Growley.
  • ABA Public Contract Law Section’s 3rd Annual Government Perspectives Panel on Cybersecurity, Washington, D.C. (February 22, 2017). Moderator: Kate M. Growley.
  • "What Will the New Year (and Administration) Bring for Government Contractors?" Crowell & Moring First 100 Days Webinar, Washington, D.C. (January 25, 2017). Presenters: Crowell & Moring Government Contracts Group.
  • "The Incoming Administration's Acquisition Policy Focus: Analysis & Commentary," 2016 Fall Training Conference, The Coalition for Government Procurement, Washington, D.C. (November 17, 2016). Presenters: Robert A. Burton, Stephen J. McBrady, and Kate M. Growley.
  • "Legal Careers in Cybersecurity, Privacy, and Information Law: An Evening of Networking and Discussions with the Experts on How They Arrived," American Bar Association Cross-Section Program (October 13, 2016). Moderators: David Z. Bodenheimer and Kate M. Growley. Speaker: Cheryl A. Falvey.
  • "Cybersecurity Table Top for a Congressional Cyber Security Lab Program," Wilson Center, Washington, D.C. (June 10, 2016). Moderator: Evan D. Wolff. Facilitators: Peter B. Miller, Harvey Rishikof, Maida Oringher Lerner, Elliot Golding, and Kate Growley.
  • "Regulating Information: Cybersecurity, Internet of Things, & Exploding Rules," OOPS 2016, Crowell & Moring's 32nd Annual Ounce of Prevention Seminar, Washington, D.C. (May 25-26, 2016). Moderator: David Z. Bodenheimer. Panelists: Evan D. Wolff and Kate M. Growley.
  • "Federal Contracting and Cybersecurity: What Higher Education Institutions Need to Know," Webinar (March 3, 2016). Panelists: Laurel Pyke Malson, Evan D. Wolff, Lorraine M. Campos, Harvey Rishikof and Kate M. Growley.
  • "What Will the New Year Bring," Crowell & Moring Webinar, Washington, D.C. (January 14, 2016). Presenters: Crowell & Moring Government Contracts Group.
  • "Government Contracting on the Cybersecurity Frontier: Cyber Landmines, Compliance Risks, and Emerging Rules," American Bar Association Webinar (December 17, 2015). Presenters: David Z. Bodenheimer and Kate M. Growley.
  • "Understanding Drone Privacy Law Regarding Unmanned Aerial Vehicles (UAVs)," ABA Webinar (December 1, 2015). Moderator: Kate M. Growley.
  • "Cybersecurity," Women in eDiscovery, Washington, D.C. (October 21, 2015). Presenter: Kate M. Growley.
  • "Cybersecurity & Data Privacy: Tackling Tough Questions for Federal Agencies & Contractors," Thompson Interactive Webinar (May 7, 2015). Presenters: Kate M. Growley, Gordon Griffin, Yuan Zhou, and Sharmistha Das.
  • "Cybersecurity Risk Management: The View from Washington and Beyond," OOPS 2015, Crowell & Moring's 31st Annual Ounce of Prevention Seminar, Washington, D.C. (May 5-6, 2015). Moderator: Peter B. Miller; Panelists: Evan D. Wolff, Maida Oringher Lerner, and Kate M. Growley.
  • "Cybersecurity and Government Contracting: Regulations, Implications and Compliance," Federal Publications Seminars, Washington, D.C. (April 14, 2015). Presenters: David Z. Bodenheimer, Kate M. Growley, Yuan Zhou, and Sharmistha Das.
  • "Issues Relating to Cybersecurity Rules Affecting Government Contractors," ABA Public Contract Law Section Council Meeting, Washington, D.C. (March 14, 2015). Speaker: Kate M. Growley.
  • "ABA Young Leaders on Cybersecurity, Privacy, & Information Law: Rapid-Fire Retrospectives on 2014 and Predictions for 2015," ABA's PCL and SciTech Sections, teleconference (December 8, 2014). Panelists: Elliot Golding and Kate M. Growley.
  • "Cyber Crisis Management: Are You Prepared?" OOPS 2014, Crowell & Moring's 30th Annual Ounce of Prevention Seminar, Washington, D.C. (May 13-14, 2014). Moderator: Evan D. Wolff; Presenters: David Z. Bodenheimer, Kelly T. Currie, and Kate M. Growley.
  • "Cybersecurity and Data Privacy in 2013: Contracting in a Time of Increased Scrutiny," L2 Federal Resources Webinar (September 19, 2013). Presenters: Gordon Griffin, Elliot Golding, Amelia Schmidt, and Kate Molony.
  • “Issues in Cybersecurity,” Lecture at University of Virginia’s Sorensen Institute Political Leaders Program (July 13, 2013). Presenters: Kate Molony and Dr. Steven Bucci of the Heritage Foundation.
  • "Cybersecurity for the Next Generation of Government Contractors," Presentation to L2's NextGen Government Contractors Association (April 30, 2013). Presenters: David Z. Bodenheimer, Gordon Griffin, and Kate Molony.


Publications



Client Alerts & Newsletters



In the News



Firm News & Announcements

Jan.09.2017 Crowell & Moring Elects Six New Partners and Promotes 19 Associates to Counsel
Jan.09.2015 Crowell & Moring's Government Contracts Group Named to Law360's "Practice Groups of the Year" for Fifth Consecutive Year
Jun.05.2014 Crowell & Moring Releases "Data Law Trends & Developments" Report