Photograph of Kate M. Growley View LinkedIn page Download V-card

Kate M. Growley

Phone: +1 202.624.2698
1001 Pennsylvania Avenue NW
Washington, DC 20004-2595

Kate M. Growley is a counsel in the Washington, D.C. office of Crowell & Moring, where she is a member of the firm's Privacy & Cybersecurity, Government Contracts, and Litigation groups. Her practice covers a wide range of counseling and litigation engagements, including cybersecurity compliance reviews, risk assessments, incident response, law enforcement cooperation, regulatory investigations, data breach class actions, trade secrets litigation, and health care disputes.

Kate is a Certified Information Privacy Professional/United States (CIPP/US) and has been named a “Rising Star” by the American Bar Association's Science & Technology Section. She also serves as co-chair of the Science & Technology Section's Homeland Security Committee and as vice-chair of the Public Contract Law Section’s Cybersecurity, Privacy, & Data Protection Committee. These leadership roles enable her to stay abreast of the latest trends and developments within her practice areas. Additionally, she is an award-winning author and frequent public speaker, and she regularly trains clients, regulators, and other attorneys on cyber and data security issues.

Kate is an active leader within Crowell & Moring, supporting countless firm initiatives, including serving as co-chair of the firm's Women Attorneys' Network.

She received her J.D. from the University of Virginia School of Law, where her studies focused on national security. Prior to law school, she graduated first in her class from Florida State University, summa cum laude with honors.

Kate’s select engagements include:

Cybersecurity for Government Contracts

  • Engaged in long-term partnerships with various defense contractors to craft and implement strategies for compliance with DFARS 252.204-7012, including initial gap assessments and subsequent remediation plans.
  • Assisted dozens of clients assess and comply with reporting obligations under DFARS 252.204-7012.
  • Counseled clients on compliance with basic safeguarding requirements under FAR 52.204-21 and privacy training requirements under FAR 52-224.3.
  • Assisted multiple clients assess compliance with NIST SP 800-171 and NIST SP 800-53.
  • Advised multiple contractors regarding security obligations under the NISPOM, Privacy Act, and FISMA.
  • Counseled clients on cloud service provider obligations under DFARS 252.204-7012 and DFARS 252.239-7010.
  • Assisted major contractor evaluate potential disclosure obligations associated with subcontractor’s failure to implement various cybersecurity measures.
  • Assisted contractor evaluate multiple agencies’ cybersecurity requirements associated with overseas operations.
  • Counseled multiple contractors on information security programs focused on Covered Defense Information (CDI), Controlled Unclassified Information (CUI), and Sensitive Security Information (SSI).
  • Assisted multiple contractors evaluate entry into the Defense Industrial Base (DIB) Cybersecurity Information Sharing Program.

Incident Response

  • Represented major technology company in assessing and responding to well-publicized security incident, including assessments of customer notification obligations and litigation exposure, as well as regular engagement with U.S. and foreign law enforcement.
  • Assisted large manufacturer in assessing legal liabilities and government investigation associated with security incident stemming from Internet-connected devices provided by third parties.
  • Counseled major contractor in assessing notification obligations associated with large exfiltration of company data to a foreign nation.
  • Advised international manufacturer and government contractor regarding crisis management strategy in response to security vulnerability disclosure.
  • Counseled non-government organization in investigating and remediating security incident implicating personally identifiable information, as well as leading required individual and state Attorney General notifications.

Investigations, Litigation, and Arbitration

  • Represented multiple health care plans in regulatory investigations instituted by The Department of Health & Human Services Office of Civil Rights in response to privacy and security incidents.
  • Represented large non-profit organization and technology services provider in response to state Attorney General inquiries stemming from security incidents.
  • Defended health care system in complex class actions stemming from security incident potentially affecting over 4.5 million individuals.
  • Defended former federal official regarding Bivens liability stemming from post-9/11 PENTTBOM investigation at the trial level and on appeal, including the Supreme Court of the United States in Ziglar v. Abbasi.
  • Defended Medicare Advantage organization in dispute brought by multiple health providers over the exhaustion of administrative remedies.
  • Defended Blue Cross and Blue Shield companies in national and statewide class actions asserting antitrust claims.
  • Represented multiple manufacturers in pursuing trade secret misappropriation claims in federal and state courts.
  • Represented software service provider in arbitration against competitor regarding contractual and unauthorized access claims.

Privacy and Cybersecurity Counseling

Kate also regularly counsels clients on a variety of privacy and information security issues, including:
  • Autonomous vehicles (AVs)
  • California’s Confidentiality of Medical Information Act (CMIA)
  • Family Educational Rights and Privacy Act (FERPA)
  • Health Insurance Portability and Accountability Act (HIPAA)
  • Internet of Things (IoT)
  • New York’s Department of Financial Services (DFS) Cybersecurity Requirements
  • Payment Card Industry Data Security Standard (PCI DSS)
  • Penetration testing
  • Supply chain and vendor management
  • UAS/UAV (“drone”) regulations


  • Florida State University, B.A. (2008) summa cum laude with honors
  • University of Virginia School of Law, J.D. National Security Law (2011)


Admitted to practice: District of Columbia and Virginia; U.S. Supreme Court

View More

"New Draft NIST Guidance on Systems Security Engineering," Crowell & Moring's Government Contracts Legal Forum (April 24, 2018). Authors: Evan D. Wolff, Peter B. Miller, Maida Oringher Lerner, Kate M. Growley, Judy Choi, Michael Gruden and Payal Nanavati.
"Final Draft of NIST SP 800-171A Gives Contractors Something to Sample," Government Contracts Bullet Points (March 1, 2018). Contacts: Kate M. Growley, Evan D. Wolff, Maida Oringher Lerner
Client Alert/Newsletter
"State of Play: Digital Transformation – The Sky's the Limit," Crowell & Moring's Regulatory Forecast 2018 (February 2018). Contributors: Cheryl Falvey, Scott Winkelman, Kate Growley, Jeffrey Selman, Jodi Daniel, Evan Wolff, and Robert Holleyman.
"Is Government Data at Risk? Study Finds Industry Cybersecurity Lagging Government," Crowell & Moring's Data Law Insights (February 26, 2018). Authors: Paul M. Rosen, Kate M. Growley and Michael Gruden.
"National Archives Issues Non-FAR-Based Guidance for Controlled Unclassified Information," Government Contracts Bullet Points (February 13, 2018). Contacts: Evan D. Wolff, Paul M. Rosen, Kate M. Growley
Client Alert/Newsletter
"National Archives Issues New, But Limited, CUI Contract Guidance," Crowell & Moring's Data Law Insights (February 8, 2018). Authors: Kate M. Growley and Michael Gruden.
"What Will the New Year Bring: Top Headlines, Headaches, and Developments for Government Contractors to Watch in 2018," Crowell & Moring Webinar (January 25, 2018). Presenters: Crowell & Moring Government Contracts Group.
"Intellectual Property, Information Technology and Cybersecurity," PubKGroup's 3rd Annual Year In Review Webinar (December 7, 2017). Panelist: Nicole Owren-West and Kate M. Growley.
"No Post-Thanksgiving Break for Cyber – DoD and NIST Publish New Guidance," Government Contracts Bullet Points (December 1, 2017). Contacts: Kate M. Growley, Evan D. Wolff, Paul M. Rosen
Client Alert/Newsletter
"Gag Orders on Tech Companies: A Higher Burden on Prosecutors," Privacy Law Alert (November 20, 2017). Contacts: Kate M. Growley, Christopher D. Garcia, Paul M. Rosen
Client Alert/Newsletter

For all Highlights, News & Knowledge, please click here to view desktop bio.

Crowell & Moring LLP is an international law firm with more than 500 lawyers representing clients in litigation and arbitration, regulatory, and transactional matters. The firm is internationally recognized for its representation of Fortune 500 companies in high-stakes litigation, as well as its ongoing commitment to pro bono service and diversity. The firm has offices in Washington, DC, New York, Los Angeles, San Francisco, Orange County, London, and Brussels.

View Desktop Site | Mobile Sitemap

Contact | Subscribe | Terms of Use/Privacy Policy | Alumni

© Crowell & Moring LLP 2018
Attorney advertising - prior results do not guarantee a similar outcome.