Why failure to comply with state contract cyber security and privacy requirements is increasingly likely to result in State Attorneys General enforcement
Abstract
State Attorneys General (AGs) are increasingly leveraging state false claims laws to enforce cyber security and privacy requirements in government contracts. This shift poses significant risks for state and local government contractors, as non-compliance can lead to penalties exceeding the contract’s value. Following the Department of Justice’s (DOJ) success with the False Claims Act and the Cyber Fraud Initiative, State AGs are recognising the potential for substantial revenue and public approval through these statutes. Traditionally used for Medicare and Medicaid violations, state false claims acts are now being applied to a broader range of contractual obligations, including cyber security. Recent DOJ settlements with contractors highlight the serious consequences of non-compliance. Contractors must be proactive in ensuring compliance with cyber security requirements to mitigate the risk of false claims litigation. This involves robust compliance policies, clear communication channels and thorough documentation of efforts to meet contractual obligations. This article is also included in The Business & Management Collection which can be accessed at https://hstalks.com/business/.
The full article is available to subscribers to the journal.
Author's Biography
Ashley L. Taylor Ashley Taylor is the co-leader of Troutman Pepper’s State Attorneys General practice, a partner in the Regulatory Investigations, Strategy + Enforcement (RISE) practice group, and vice chair of the company. Known for his strategic acumen, Ashley advises clients on high-stakes government investigations, enforcement actions and litigation, focusing on consumer protection issues. He defends companies against state and federal regulatory claims, including marketing representations, statutory disclosures, unfair practices and data breaches. With experience as a former Deputy Attorney General (AG), Ashley navigates multistate AG investigations, federal agency actions and related litigation. He is deeply involved with the National Association of Attorneys General (NAAG), co-founded the American Bar Association’s State AG committee, and served on the U.S. Commission on Civil Rights (2004–10). Ashley graduated from Virginia Military Institute in 1990 and earned his J.D. from Washington and Lee University School of Law in 1993.
Gene Fishel is a member of Troutman Pepper’s Regulatory Investigations, Strategy + Enforcement (RISE) practice, based in the Richmond office. He brings extensive regulatory experience, having served as Senior Assistant Attorney General and chief of the Computer Crime Section in Virginia, and as Special Assistant US Attorney in the Eastern District of Virginia for 20 years. Gene has reviewed thousands of database breach incidents and investigated hundreds of cyber security, privacy and consumer protection violations. He has been instrumental in reforming privacy and computer crime laws, drafting and advocating for successful bills on database breach notification, electronic records, identity theft, computer trespass and child exploitation statutes. He led the professional development of attorneys and computer forensic examiners, overseeing more than 1,000 prosecutions and computer forensic investigations. With a deep understanding of cyber security and privacy issues, Gene guides clients through these challenges and advises them at every stage.
Dan Waltz focuses his practice on the intersection of industry and government. He regularly counsels clients in connection with government procurement and compliance issues, including Federal Acquisition Regulations (FAR) and Defense Federal Acquisition Regulation Supplement (DFARS), domestic preference, mergers and acquisitions and small business issues. Dan also leverages his knowledge of the government to handle complex regulatory investigations, inquiries and other regulatory matters at the federal, state and local level, emphasising practical and sophisticated outcomes for his clients.
