Kate M. Growley, CIPP/G, CIPP/US

Kate M. Growley is a counsel in the Washington, D.C. office of Crowell & Moring, where she is a member of the firm's Privacy & Cybersecurity, Government Contracts, and Litigation groups. Her practice covers a wide range of counseling and litigation engagements, including cybersecurity compliance reviews, risk assessments, incident response, law enforcement cooperation, regulatory investigations, data breach class actions, trade secrets litigation, and health care disputes.

Kate is a Certified Information Privacy Professional for both the U.S. private and government sectors (CIPP/US, CIPP/G) and has been named a “Rising Star” by both Law360 (2018) and the American Bar Association's Science & Technology Section (2016).

Firm/Organization: Crowell & Moring LLP

Blogs: C&M Health Law, Data Law Insights, Government Contracts Legal Forum, International Trade Law, Retail & Consumer Products Law Observer, Trade Secrets Trends

Latest Articles

International Trade Law

Privacy & Cybersecurity – New York Enacts the SHIELD Act

By Jarno Vanto, Evan D. Wolff, Kate M. Growley, CIPP/G, CIPP/US & Brandon C. Ge on August 20, 2019

Late last month, New York enacted the Stop Hacks and Improve Electronic Data Security Act (SHIELD Act). In doing so, it has become the latest state to impose additional data security and breach notification obligations on businesses handling private data. The breach notification amendments take effect on October 23, 2019, while the data security requirements take effect on March 21, 2020. Expanded Breach Notification Requirements The SHIELD Act revises various definitions and increases the scope…

International Trade Law

Under the Wire: FAR Council Announces Interim Rule to Implement NDAA Procurement Ban on Huawei and Other Chinese Telecommunications Equipment

By Addie Cliffe, Alan W. H. Gourley, Paul Freeman, Kate M. Growley, CIPP/G, CIPP/US & Michael G. Gruden, CIPP/G on August 13, 2019

On August 13, 2019, the FAR Council will publish in the Federal Register an interim rule, FAR Subpart 4.21, effective immediately, which implements a portion of section 889 of the FY 2019 National Defense Authorization Act, specifically, the ban on government procurement of any equipment, system or service that uses covered telecommunications equipment or services from certain Chinese companies. The interim rule defines covered telecommunications equipment and services to include any telecommunications equipment or…

Data Law Insights

NIST Extends Comment Period for Two New Drafts

By Kate M. Growley, CIPP/G, CIPP/US & Allegra Flamm on July 15, 2019

The National Institute of Standards and Technology (“NIST”) has extended the comment period on its recently released draft documents, NIST SP 800-171 Revision 2 and NIST SP 800-171B. The comment period for both NIST SP 800-171 Revision 2 and NIST SP 800-171B was initially open until July 19, 2019. It was recently extended to August 2, 2019. NIST SP 800-171 Revision 2 contains only minor editorial revisions from the previous version and does not…

Retail & Consumer Products Law Observer

These Are a Few of Our Favorite IoT: NIST Finalizes Internet of Things Cyber Guidance

By Cheryl A. Falvey, Evan D. Wolff, Peter B. Miller, CIPP/G/US, CIPP/E, CIPM, CIPT, Kate M. Growley, CIPP/G, CIPP/US & Michael G. Gruden, CIPP/G on July 9, 2019

NIST has finalized Internet of Things (IoT) risk management guidance, which derived from a draft publication. The guidance informs government agencies how to understand and manage IoT risks throughout device lifecycles. Industry can anticipate government focus on three high-level goals: Device security; Data security; and Individual privacy. The publication highlights three differences between managing risks for IoT devices and conventional information technology devices: IoT devices interact with the physical world differently than conventional…

Data Law Insights

Oregon Passes IoT Security Law

By Cheryl A. Falvey, Kate M. Growley, CIPP/G, CIPP/US & Lee Matheson CIPP/US, CIPP/E, CIPP/A, CIPM on June 12, 2019

Oregon has recently passed a new cybersecurity statute, joining California in requiring manufacturers of “connected devices” to equip qualifying technology with “reasonable security features.” The new law will go into force on January 1, 2020. For further analysis, visit our recent client alert.…

Government Contracts Legal Forum

The U.S. Announces Endorsement of OECD’s Principles for Responsible AI

By Kris D. Meade, Rebecca Springer, Kate M. Growley, CIPP/G, CIPP/US & Laura J. Mitchell Baker on June 4, 2019

Following the announcement of the White House’s Executive Order on Maintaining American Leadership in Artificial Intelligence (EO) and the Department of Defense’s (DOD) Artificial Intelligence Strategy (AI Strategy) in February, as reported on here, the United States recently endorsed the Organization for Economic Co-operation and Development Council’s (OECD) Recommendation on Artificial Intelligence (Recommendation) – the world’s first intergovernmental policy guidelines for Artificial Intelligence (AI). In the Recommendation, the OECD sets forth the “Principles on…

International Trade Law

New Executive Order on IT Supply Chain Takes Aim at Huawei and Others, Poses Significant Implications for Government Contract Supply Chains

By Paul Freeman, Addie Cliffe, Peter J. Eyre, Kate M. Growley, CIPP/G, CIPP/US & Evan D. Wolff on May 16, 2019

On May 15, 2019, President Trump executed a new Executive Order (EO) likely to inject increased levels of scrutiny and uncertainty throughout the vast and interconnected web of government contract supply chains. The new EO, entitled “Securing the Information and Communications Technology and Services Supply Chain,” comes during a period of escalating trade tensions with China and following a breakdown of trade talks earlier in the week. The EO sets the stage for restricting…

Data Law Insights

Seventh Circuit Wades into Big Data Case Law

By Kate M. Growley, CIPP/G, CIPP/US, Joanne Oleksyk & Paul Rosen on March 28, 2019

As the country’s new Congress settles into its term, several technology issues are coming to the forefront. A number of Senators recently questioned the Department of Justice over how it is collecting cellphone-location data in the wake of the Supreme Court’s landmark Carpenter decision. Carpenter v. United States, 138 S. Ct. 2206 (2018). The House of Representatives is considering a renewed version of legislation that would strengthen the security of “Internet of Things” technologies used by the federal…

Government Contracts Legal Forum

Why Doing Business with the Government Will Get Tougher for Contractors In 2019—Read “Battening Down the Hatches on Cybersecurity” in our Regulatory Forecast

By Peter J. Eyre, Daniel R. Forman, Evan D. Wolff & Kate M. Growley, CIPP/G, CIPP/US on February 27, 2019

Crowell & Moring has issued its fifth annual report on regulatory trends for in-house counsel. “Regulatory Forecast 2019: What Corporate Counsel Need to Know for the Coming Year” explores a diverse range of regulatory developments coming out of Washington and other leading regulatory centers of power, and it takes a deep dive into international trade—examining the challenges and opportunities that will arise in the year ahead as global businesses compete in the digital…

Data Law Insights

DoD Increases DCMA Cybersecurity Responsibilities

By Kate M. Growley, CIPP/G, CIPP/US, Michael G. Gruden, CIPP/G & Evan D. Wolff on February 21, 2019

The Department of Defense recently released a memorandum directing the Defense Contract Management Agency (DCMA) to implement and assess company-wide cyber compliance with the DFARS Safeguarding Clause and related security standard, NIST SP 800-171. For further analysis, visit our Government Contracts Legal Forum blog post.…

Kate M. Growley, CIPP/G, CIPP/US

Privacy & Cybersecurity – New York Enacts the SHIELD Act

Under the Wire: FAR Council Announces Interim Rule to Implement NDAA Procurement Ban on Huawei and Other Chinese Telecommunications Equipment

NIST Extends Comment Period for Two New Drafts

These Are a Few of Our Favorite IoT: NIST Finalizes Internet of Things Cyber Guidance

Oregon Passes IoT Security Law

The U.S. Announces Endorsement of OECD’s Principles for Responsible AI

New Executive Order on IT Supply Chain Takes Aim at Huawei and Others, Poses Significant Implications for Government Contract Supply Chains

Seventh Circuit Wades into Big Data Case Law

Why Doing Business with the Government Will Get Tougher for Contractors In 2019—Read “Battening Down the Hatches on Cybersecurity” in our Regulatory Forecast

DoD Increases DCMA Cybersecurity Responsibilities

Company

Support

New to the Network