Recent Chinese data security laws could increase roadblocks for litigants seeking discovery in U.S. courts

Two new data security laws are making it increasingly difficult to obtain discovery materials located in China for U.S. litigants. The Data Security Law (“DSL”) and the Personal Information Protection Law (“PIPL”) require parties to seek approval from the Chinese government before sending any data from China to a foreign court or law enforcement authority.  Read more on how these new laws may affect U.S. litigation on Reed Smith’s Technology Law Dispatch Blog

CO AG hosts forum on state privacy laws, announces new privacy advisor

This past Friday, the Attorney General Alliance and the Colorado Department of Law held a symposium, “Colorado Privacy Act: Rights, Obligations, and Next Steps.” The symposium is another signal that state attorneys general (state AGs) around the country intend to take a primary role in influencing, and ultimately enforcing, data privacy policies. The panel discussions revolved around the Colorado Privacy Act (CPA), one of only three comprehensive data privacy laws in the nation—the other two being California’s Consumer Privacy Act of 2018 (CCPA) and Virginia’s Consumer Data Protection Act (VCDPA). Panelists, including the state legislators who sponsored the CPA, discussed the impact of the law since its enactment this past summer and how it could serve a model for other states to look to when considering their own comprehensive privacy laws.

Continue Reading

Federal agencies must update cybersecurity controls to achieve a zero trust architecture

On January 26, 2022, the U.S. Office of Management and Budget (OMB) published Memorandum M-22-09, “Moving the U.S. Government Toward Zero Trust Cybersecurity Principles” (the ZTA Memorandum), which requires federal agencies to take a hard look at their cybersecurity controls, and invest in and implement new measures to better protect the government’s networks, systems, and devices. The ZTA Memorandum expands upon President Biden’s Executive Order 14028, “Improving the Nation’s Cybersecurity,” which stated the president’s general goals to advance the federal government toward zero trust architecture (ZTA). The ZTA Memorandum also follows President Biden’s “Memorandum on Improving the Cybersecurity of National Security, Department of Defense, and Intelligence Community Systems,” issued on January 19, 2022, which established certain cybersecurity requirements for National Security Systems (NSS) and set forth the methods by which federal agencies could secure exceptions to these requirements when appropriate given unique mission needs. To comply with the ZTA Memorandum’s increased cybersecurity requirements, federal agencies will be required to invest in new and/or increased cybersecurity controls, policies, and procedures to move to a ZTA. For government contractors involved in IT modernization efforts for the federal government, this initiative will likely drive unique and evolving agency requirements, which will ultimately present new partnership opportunities.

Continue Reading

New D.C. legislation signals strong state AG position on harmful algorithms

Last week, D.C. Attorney General Karl Racine announced new D.C. legislation aimed at holding “companies & organizations accountable if their algorithms harm vulnerable communities.” The bill was introduced by the Chair of the City Council at the request of the AG.

This comes on the heels of a meeting held in Washington, D.C. last week by the National Association of Attorneys General (NAAG), a bi-partisan state AG organization that Racine has been the president of for the past year and for which he spearheaded many cutting-edge social justice reforms throughout the U.S. Last week’s NAAG meeting focused heavily on the potential harm algorithms could have on vulnerable individuals and groups and the role AGs have in preventing industries from using such algorithms in a variety of areas, including advertising, financial and medical services, and employment practices, to name only a few. Also emphasized was the influence AGs have to curb algorithmic abuse via legislation, enforcement actions, or both.

Continue Reading

Protest sustained because offeror with actual knowledge failed to notify agency of a key employee’s unavailability

On November 4, 2021, the Government Accountability Office (GAO) sustained a protest in the matter of Ashlin Management Group, Inc., B-419472.3; B-419472.4. Ashlin protested the issuance of an order to Booz Allen Hamilton, Inc. (BAH) under the Department of Labor’s Employment and Training Administration’s request for quotations for consulting services connected to the department’s Job Corps Program. The GAO’s decision serves as an important reminder that an offeror with actual knowledge of a key employee’s unavailability has a duty to notify an agency when that employee becomes unavailable, even after the submission of a proposal or quotation.

Continue Reading

Emerging digital technology, data privacy, and the surveillance economy: all high priorities for state AGs

State attorneys general (AGs) have in many ways been the tip of the spear on prioritizing consumer protection in conversations around emerging digital technologies—perhaps more so than even any federal government agency. With newsworthy data breach incidents, ransomware attacks, and personal data misuse allegations plaguing a new major U.S. company seemingly every week, state AGs are increasing looking to better understand this landscape and beef up their investigations and enforcement teams accordingly.

Continue Reading

DOJ announces Civil Cyber-Fraud Initiative with significant implications for government contractors

Consistent with the Biden Administration’s keen focus on improving the nation’s cybersecurity, as articulated in Executive Order 14028 and discussed in greater detail here, the Department of Justice (DOJ) formally announced the launch of its new Civil Cyber-Fraud Initiative (Initiative) on October 6, 2021. The Initiative will “combine the department’s expertise in civil fraud enforcement, government procurement and cybersecurity to combat new and emerging cyber threats to the security of sensitive information and critical systems.” Importantly, this Initiative aims to employ the DOJ’s civil enforcement tools, to pursue “government contractors who receive federal funds, when they fail to follow required cyber security standards.” In announcing the Initiative, DOJ Deputy Attorney General Lisa O. Monaco admonished government contractors that “have chosen silence under the mistaken belief that it is less risky to hide a [cybersecurity] breach than to bring it forward and to report it.” Continue Reading

Protest sustained because agency evaluation lacked sufficient detail for its disparate conclusions

On September 14, 2021, the Government Accountability Office (GAO) issued a decision in the matter of Marquis Solutions, LLC B-419891, B-419891.2, sustaining a protest. The GAO determined that the Department of Veteran Affairs’ (VA) source selection decision was unreasonable, lacked a meaningful evaluation, and was inconsistent with the terms of its solicitation and applicable statutes and regulations. The GAO based its decision on the fact that the agency record lacked the requisite evidence to support its disparate conclusions. This decision serves as yet another reminder to companies that are seeking to do business with the federal government that they should raise issues with an agency’s source selection decision when they believe that the decision misevaluates the proposal, appears to treat competitors unfairly and unequally, or fails to sufficiently document evaluation conclusions.

Continue Reading

Protest sustained because tradeoff decision was not sufficiently documented

When it comes to adjectival ratings assigned to proposals during a source selection, a very recent protest decision serves as a reminder that contracting agencies must document with specificity why they are selecting one offeror over another when both have been assigned identical adjectival ratings. In other words, when offerors receive identical adjectival ratings and the contemporaneous agency record fails to identify or explain any of the superior capabilities or features of the awardee’s proposal, that agency’s tradeoff decision may be invalidated, if challenged in a timely protest. Published on August 10, 2021, Alpha Omega Integration, LLC B-419812, B-419812.2, is a decision worth a closer look because it sustains a protest where an agency source selection official just didn’t go far enough in documenting the tradeoff decision.

Continue Reading

Context counts when it comes to proposal evaluations

When it comes to proposal evaluation, a recent decision serves as a stark reminder that an agency must consider the plain language of an offeror’s quote in the context of the entire quote or risk having its evaluation decision deemed to be unreasonable. Mayvin, Inc. (Mayvin) filed a protest with the Government Accountability Office (GAO) challenging the award of a blanket purchase agreement (BPA) to Bennett Aerospace, Inc. (Bennett). See Matter of: Mayvin, Inc., B-419301.7 (June 29, 2021). In its protest, Mayvin alleged that the Department of Justice, United States Marshals Service (USMS) disparately evaluated its quotation, and conducted an unreasonable best-value tradeoff analysis. On June 29, 2020, GAO published a decision sustaining this protest, finding that USMS 1) failed to treat certain “retention plan” language in the quotations equally, and 2) failed to consider certain quotation language, which ultimately tainted its best-value tradeoff analysis. Continue Reading