Department of Justice (DOJ)

On October 29, 2024, the Department of Justice (“DOJ”) published its Notice of Proposed Rulemaking (“NPRM”) to implement President Biden’s Executive Order 14117, “Preventing Access to Americans’ Bulk Sensitive Personal Data and United States Government-Related Data by Countries of Concern.” This follows the DOJ’s publication of its Advance Notice of Proposed Rulemaking earlier this year. 

In 2021, the U.S. Department of Justice (“DOJ”) announced the launch of the Cyber-Fraud Initiative, a program utilizing the False Claims Act (“FCA”) to “pursue cybersecurity related fraud by government contractors and grant recipients.” Although the Initiative has netted less than 10 settlements, the two most recent serve as a reminder that data breaches with respect to government contracts can result in FCA exposure.

In its most recent enforcement effort as part of this Initiative, DOJ reached settlements with two consulting companies—Guidehouse Inc. (“Guidehouse”) and Nan McKay and Associates (“Nan McKay”)—in which both accepted responsibility for failing to comply with cybersecurity requirements in a federally funded contract and agreed to pay a total of $11.3 million to resolve related False Claims Act allegations.

This article explores implications of the settlements, as well as practical considerations for the industry.Continue Reading Practical Considerations for Government Contractors Following Recent DOJ Cyber-Fraud Initiative Settlements