Kate M. Growley, CIPP/G, CIPP/US

Partner

kgrowley@crowell.com
Phone: +1 202.624.2698
1001 Pennsylvania Avenue NW
Washington, DC 20004-2595

Kate M. Growley (CIPP/US, CIPP/G) is a partner in the Washington, D.C. office of Crowell & Moring. She is a member of the Steering Committee for the firm's Privacy & Cybersecurity Group, while working closely with the firm's Government Contracts and Litigation groups. Her practice covers a wide range of information security counseling and litigation engagements, including cybersecurity compliance, incident response, regulatory assessments and investigations, and disputes surrounding data breaches and trade secrets.

Kate is a Certified Information Privacy Professional for both the U.S. private and government sectors by the International Association of Privacy Professionals (IAPP). She has been nationally recognized by Chambers USA (2020) and named a “Rising Star” by both Law360 (2018) and the American Bar Association's Science & Technology Section (2016). Kate serves as co-chair for both the ABA Public Contract Law Section’s Cybersecurity, Privacy, & Data Protection Committee and the Science & Technology Section's Homeland Security Committee. Kate also sits on PubK Law’s Advisory Board, advising on cybersecurity issues for government contractors. Most recently, Kate was inducted as a Fellow of the American Bar Foundation.

Kate received her J.D. from the University of Virginia School of Law, where her studies focused on national security. Prior to law school, she graduated first in her class from Florida State University, summa cum laude with honors.

Cybersecurity for Government Contractors

Kate maintains a robust cybersecurity practice focused on the government contracting community, particularly those working with the Department of Defense (DoD). Her recent engagements address issues including:

  • Crafting and implementing strategies to comply with DFARS 252.204-7012, including the drafting of system security plans (SSPs) and plans of action & milestones (POAMs).
  • Assisting clients in preparing for certifications at all levels under the DoD Cybersecurity Maturity Model Certification (CMMC).
  • Helping clients prepare for and respond to Defense Contract Management Agency (DCMA) Defense Industrial Base Cybersecurity Assessment Center (DIBCAC) assessments.
  • Assessing whether, when, and how to report cyber incidents; and responding to subsequent customer inquiries.
  • Understanding and negotiating cloud service provider and related vendor agreements, including security and reporting requirements under the Federal Risk and Authorization Management Program (FedRAMP) and DoD Cloud Computing Security Requirements Guide (SRG).
  • Assessing and complying with security obligations under the FAR 52.204-21, the NISPOM, Privacy Act, and FISMA, including those stemming from NIST SP 800-171 and NIST SP 800-53.
  • Evaluating and managing insider threat and supply chain risks, including potential disclosures.
  • Evaluating entry into formal information sharing programs.
  • Negotiating voluntary use of government investigation and hunt teams, including with the Department of Homeland Security (DHS), Federal Bureau of Investigation (FBI), National Security Agency (NSA), and Missile Defense Agency (MDA).

Incident Response

On a daily basis, Kate is helping clients manage and respond to cyber incidents. Her practice covers the full incident lifecycle from tailoring incident response plans to finalizing formal notifications. Her work frequently involves close engagement with in-house and third-party forensics firms, as well as regulatory and business stakeholders. Example engagements include:

  • Represented major technology company in assessing and responding to well-publicized security incident, including assessments of global customer notification obligations and litigation exposure, as well as extensive cooperation with U.S. and foreign law enforcement.
  • Coordinated strategic response to insider threat issue resulting in potential compromise of trade secrets, as well as sensitive data related to individuals and customer contracts.
  • Advised national professional services firm in responding to and analyzing legal implications of network compromise potentially linked to an insider threat.
  • Assisted large manufacturer in responding to security incident stemming from Internet-connected devices provided by third parties, including assessments of potential legal liabilities and assistance with government agency investigations.
  • Counseled major technology services provider in assessing customer notification obligations associated with large exfiltration of company data to a foreign nation.
  • Advised international manufacturer regarding crisis management strategy in response to security vulnerability disclosure.
  • Counseled global manufacturer in assessing legal obligations stemming from globally-publicized ransomware attack.
  • Represented non-government organization in investigating and remediating security incident implicating personally identifiable information (PII), as well as leading required individual and state Attorney General notifications.

Investigations, Litigation, and Arbitration

In addition to her counseling practice, Kate maintains a steady docket of dispute resolution matters. Her engagements include:

  • Represented multiple health care plans in regulatory investigations instituted by the Department of Health & Human Services (HHS) Office of Civil Rights (OCR) in response to privacy and security incidents.
  • Represented large non-profit organization and technology services provider in response to state Attorney General inquiries stemming from security incidents.
  • Defended health care system in complex class actions stemming from security incident potentially affecting over 4.5 million individuals.
  • Defended former federal official regarding Bivens liability stemming from post-9/11 PENTTBOM investigation at the trial level and on appeal, including before the Supreme Court of the United States in Ziglar v. Abbasi.
  • Defended acting foreign official from allegations of terrorism.
  • Pursued indemnification claim under Public Law 85-804 on behalf of major defense contractor.
  • Defended insurer against complex cyber coverage claims brought by insured.
  • Defended Medicare Advantage organization at both the trial and appellate levels in dispute brought by multiple health providers over the exhaustion of administrative remedies.
  • Represented international hospitality company in federal litigation and related arbitration regarding claims of unfair competition and misappropriation of trade secrets.
  • Represented software service provider in arbitration regarding contractual and unauthorized access claims, including those brought under the Computer Fraud & Abuse Act (CFAA).

Privacy and Cybersecurity Counseling

Kate also regularly counsels clients on a variety of privacy and information security issues, including:

  • Artificial intelligence (AI) and big data
  • Autonomous vehicles (AVs)
  • Cloud migration and other digital transformation initiatives
  • Content moderation of online platforms
  • COVID-19-related privacy and security considerations
  • Family Educational Rights and Privacy Act (FERPA)
  • Internet of Things (IoT), including California and Oregon state law
  • New York’s Department of Financial Services (DFS) Cybersecurity Requirements
  • Payment Card Industry Data Security Standard (PCI DSS)
  • UAS/UAV (“drone”) regulations

Education

  • Florida State University, B.A. (2008) summa cum laude with honors
  • University of Virginia School of Law, J.D. National Security Law (2011)

Affiliations

Admitted to practice: District of Columbia and Virginia; U.S. Supreme Court

"Buy 1 Get 2 Free Special on Cyber Regulations: DoD Interim Rule Unveils 3 New Clauses Geared at Cybersecurity Assessments," Privacy Law Alert (September 29, 2020). Contacts: Evan D. Wolff, Kate M. Growley, CIPP/G, CIPP/US, Maida Oringher Lerner, Michael G. Gruden, CIPP/G, Christopher R. Hebdon
Client Alert / Newsletter
"Information Risk Management & Security," Government Contracts "101" - Back to Basics Webinar (September 25, 2020). Presenters: Kate M. Growley, Evan D. Wolff, and Michael G. Gruden.
Speech/Presentation
"Recent FTC Guidance On The Use Of Artificial Intelligence And Algorithms In The Age Of COVID-19," The Computer & Internet Lawyer (September 2020). Authors: Monty Cooper, Jodi G. Daniel, Kate M. Growley, and Natalie O. Ludaway.
Publication
"Companies Protecting Trade Secrets Should Consider Role of NIST’s Enhanced Security Requirements," Crowell & Moring’s Trade Secrets Trends (July 16, 2020). Authors: Kate M. Growley, CIPP/G, CIPP/US, Julia Milewski and Michael G. Gruden, CIPP/G.
Publication
"JAIC Has More Work To Do in Developing Artificial Intelligence Standards, while DoD Components and Contractors Must Implement Security Controls Around Artificial Intelligence, Says DoD OIG," Government Contracts Bullet Points (July 9, 2020). Contacts: Adelicia R. Cliffe, Kate M. Growley, CIPP/G, CIPP/US, Michelle D. Coleman, Laura J. Mitchell Baker
Client Alert / Newsletter
"NIST Enhances Final Draft of NIST SP 800-172, Enhanced Security Requirements," Government Contracts Bullet Points (July 8, 2020). Contacts: Kate M. Growley, CIPP/G, CIPP/US, Evan D. Wolff, Maida Oringher Lerner, Michael G. Gruden, CIPP/G, Christopher R. Hebdon
Client Alert / Newsletter
"Recent FTC Guidance on the Use of Artificial Intelligence and Algorithms in the Age of COVID-19," Privacy Law Alert (May 26, 2020). Contacts: Monty Cooper, Jodi G. Daniel, Kate M. Growley, CIPP/G, CIPP/US, Natalie O. Ludaway
Client Alert / Newsletter
"DoD’s Joint Artificial Intelligence Center Seeks Tools to Test Artificial Intelligence," Government Contracts Bullet Points (April 27, 2020). Contacts: Kate M. Growley, CIPP/G, CIPP/US, Michelle D. Coleman, Laura J. Mitchell Baker
Client Alert / Newsletter
Chambers USA 2020 Ranks 53 Crowell & Moring Lawyers and 21 Practice Areas Among Best in U.S. (Apr.23.2020)
Firm News / Announcement
"Re-opening Your Business During A Pandemic – A Morass of Legal and Practical Issues To Consider," Crowell & Moring Webinar (April 21, 2020). Presenters: Trina Fairley Barlow, Jodi G. Daniel, Ellen Moran Dwyer, Cheryl A. Falvey, John Fuson, Thomas P. Gies, Kate M. Growley, and Nicole Janigian Simonian.
Speech/Presentation

Crowell & Moring LLP is an international law firm with more than 500 lawyers representing clients in litigation and arbitration, regulatory, and transactional matters. The firm is internationally recognized for its representation of Fortune 500 companies in high-stakes litigation, as well as its ongoing commitment to pro bono service and diversity. The firm has offices in Washington, DC, New York, Los Angeles, San Francisco, Orange County, London, Brussels, and Shanghai.

© Crowell & Moring LLP 2020
Attorney advertising - prior results do not guarantee a similar outcome.