Comment Print E-Mail

Cybersecurity, Department of Justice, FCA, Whistleblowers
More from: Andrew Levine, Erez Liebermann, Stephanie Cipolla, Debevoise & Plimpton

Andrew M. Levine and Erez Liebermann are Partners and Stephanie Cipolla is an Associate at Debevoise & Plimpton LLP. This post is based on a Debevoise memorandum by Mr. Levine, Mr. Liebermann, Ms. Cipolla, Luke Dembosky, Avi Gesser, and Jim Pastore.

Key Takeaways:

• Companies should consider adding cybersecurity personnel to their compliance teams. Given the technical nature of many cyber and AI whistleblower claims, it is important that the investigation team has the necessary expertise to evaluate the allegations or has access to consultants who can assist in that evaluation.
• Companies should also take steps to limit the risk of retaliation against cybersecurity whistleblowers.

On October 22, 2024, the U.S. Department of Justice (“DOJ”) announced that The Pennsylvania State University (“Penn State”), a public university in University Park, Pennsylvania, agreed to pay $1.25 million to resolve allegations that it violated the False Claims Act (the “FCA”). Specifically, Penn State allegedly failed to meet cybersecurity requirements in federal government contracts, misrepresented compliance timelines and plans, and failed to use a qualified external cloud service provider.

This is the latest settlement of cybersecurity-related FCA claims since DOJ announced its Civil Cyber-Fraud Initiative in October...

Read Full Story: https://news.google.com/rss/articles/CBMimAFBVV95cUxQVEpKRm9sQlRTYWFHektFbnIz...