The DOJ recently announced the launch of its Civil Cyber-Fraud Initiative, specifically targeting accountability of cybersecurity obligations for federal contractors and federal grant recipients. It will hold persons and entities accountable, via the False Claims Act, for several practices related to cybersecurity practices including: 1) putting U.S. information or systems at risk by knowingly providing […]
Over the last several months, a minority of states amended their data breach notification statutes or enacted sector-specific breach notification requirements. Specifically, nine states – Arkansas, Connecticut, Hawaii, Maine, Mississippi, Oregon, Tennessee, Texas, and Wisconsin – amended their state statutes to (1) impose notice requirements on state entities, (2) broaden existing definitions (e.g., expand the […]
DOJ Announces New Cyber-Fraud Initiative Promoting False Claims Act Enforcement Against Contractors and Grantees...
The Department of Justice has signaled that it will utilize civil enforcement of the False Claims Act (FCA) to address new and emerging cybersecurity threats. On October 6, 2021, Deputy Attorney General Lisa Monaco announced the launch of a new cyber-fraud initiative led by the Fraud Section of DOJ’s Commercial Litigation Branch. The new initiative […]
On October 6, the DOJ announced two new initiatives: The Civil Cyber-Fraud Initiative will fight rising cyber threats to government contractors and grant recipients, using the False Claims Act to penalize entities that knowingly provide deficient cybersecurity, misrepresent their cybersecurity practices, or violate their obligations to report incidents and data breaches. The newly created National […]
In a December 2020 speech, Deputy Assistant Attorney General Michael Granston warned that cybersecurity fraud could see enhanced enforcement under the False Claims Act (“FCA”). On October 6, 2021, Deputy Attorney General Lisa Monaco announced that the Department of Justice (“DOJ”) would be following through on that warning with the launch of the DOJ’s Civil […]
Under the newly announced Civil Cyber-Fraud Initiative, failures to comply with new incident-reporting requirements—in particular where the non-compliance is the result of an effort to conceal the occurrence of a cyber incident—will amount not to breach of contract, but to fraud against the government. Such violations are actionable under the False Claims Act by the […]
On October 6, the U.S. Department of Justice announced the launch of a National Cryptocurrency Enforcement Team (NCET) to add structure to and coordinate the DOJ’s investigative capabilities concerning unlawful uses of cryptocurrency, to increase prosecutions of criminal misuses of cryptocurrency, and to recover illicit proceeds. That last piece is especially striking, as it may […]
California’s Governor Gavin Newsom signed into law AB 694, which makes a few technical changes to the California Privacy Rights Act. The bill: Modifies the definition of “publicly available” information, by removing the apparently superfluous language “or by the consumer.” Changes when the California Privacy Protection Agency will assume responsibility for rulemaking from the “earlier” […]
DOJ’s Civil Cyber-Fraud Initiative Highlights False Claims Act Cybersecurity Risks for Government Contractors
The Department of Justice has announced an initiative to pursue civil False Claims Act enforcement actions against government contractors that knowingly fail to follow...
On October 8, President Biden signed the bipartisan K-12 Cybersecurity Act of 2021 into law. While the act offers little in the way of concrete reform, it represents both an important first step into the K-12 cyber landscape and a glimmer of hope that the federal government will be able to assist in both preventing […]