"Changing Currents in Employment Law" is the D.C. Bar's annual three-hour event featuring legal updates and practice tips from the area's top employment attorneys — all for CLE credit. TELG's Scott Oswald serves as faculty chair and will moderate the event on October 26, 2021. Here he previews the panel on cybersecurity whistleblowing with panelist Jennifer Everett of Jones Day.
This video interview by
TELG managing principal R. Scott Oswald was published by The Employment Law Group, P.C. on August 12, 2021.
» “Changing Currents in Employment Law” will take place on October 26, 2021. Click here for more details and registration options.
(Transcribed and edited lightly by The Employment Law Group)
R. Scott Oswald: Welcome, everyone, to our preview of this year’s “Changing Currents in Employment Law,” the D.C. Bar’s fall employment law CLE. I am Scott Oswald. I am faculty chair of “Changing Currents in Employment Law,” and today, I am joined by Jennifer Everett. Jennifer is a partner at Jones Day in their D.C office, and Jennifer will be co-moderating a panel, “Vulnerable to Attack: The Growth of Cybersecurity Whistleblowing.”
Jennifer Everett: Thanks so much, Scott. It’s a pleasure to meet everyone, and I look forward to the panel coming up and chatting with everyone about this fantastic and actually very timely topic.
You know, from federal agencies to private hospitals, really the past year has demonstrated the growing sophistication of cybersecurity attacks and the need to safeguard data and networks from potential threat actors. So, during our panel, myself and my other co-panelist, we’ll be talking about not only the risks associated in terms of this ever-changing environment but also about the risks with and possibilities of potential whistleblowers initiating what’s called a false claim action on behalf of federal government. [We’ll be] exploring what those initiations, those claims, may look like and what companies in particular can do to mitigate, prepare, and respond to not only the cybersecurity threat but to the federal government’s increasing focus on protecting data.
I look forward to speaking about this panel.
Oswald: One of the problems of the federal government is it’s [not only] responsible for its own networks, but there may be a potential vulnerability with one of its contractors too, right?
Everett: That’s correct. That’s exactly correct, and because of that, the contractors are themselves not only subject to their cybersecurity requirements — by way of contract, for example — but again, the government is increasingly focused on cybersecurity risks, increasing cybersecurity measures, and of course, reporting requirements in the event that there’s a vulnerability or potential issue. Likewise, companies or individuals are empowered by the False Claims Act in particular to file or raise a claim in the event that there’s non-compliance. So you’re exactly right, Scott.
Oswald: So, let’s say I’m in the audience. I’m attending your panel. What are one or two takeaways that I might take with me after the panel, after hearing your presentation?
Everett: Great. So, just a couple of points first: For anyone who’s listening to the panel, my co-panelist and I will be giving you an overview of the False Claims Act, or the FCA, which imposes liability on anyone who knowingly uses or causes abuse of a federal statement or a false record. We’ll likewise be talking about (and particularly my co-panelist will be focusing on) the possibility for, again, the whistleblower themselves or private persons, referred to as qui tam relators, to initiate FCA claims and actions on behalf of the government.
Then we’ll go into a deep dive into these cybersecurity requirements that we talked about earlier that the government’s focusing on.
Oswald: So Jennifer, what’s the kind of advice that you’re giving to your clients right now, especially federal government contractors who might be dealing with issues relating to cybersecurity breaches?
Everett: Great question, Scott. Cybersecurity compliance, as I said, is a really increasing enforcement area, and this really is not just in connection with data breaches but also with respect to representations that are made to the government. Put simply, there is liability for false cybersecurity certifications, and those are not dependent only on data breaches.
Companies can be guilty of violating the FCA even when they’re providing non-conforming products out of some sort of technical failure, so it’s important to remember that it’s not just the data breach that can get someone into potential liability or harm or other reporting requirements, but it’s also the representations that are being made with respect to the product of their services. So, we’re encouraged to look very carefully at what cybersecurity controls they have in place and ensure that they are able to actually be the representations that they’re asserting, right? This means that they should be carefully thinking not only with respect to strong internal reporting remediation efforts but also sort of thinking carefully and having a response reporting place in the event that there are possible vulnerabilities so that individuals who are close to or have some familiarity with the product or services have a means to raise or address potential claims or concerns. [That way,] the company can 1) be aware of vulnerabilities, 2) mitigate, and 3) give employees a way to be a part of and ensure that we are not making any false representations to the government with respect to products or services.
Oswald: When employees don’t feel like they’re being heard, that’s what leads to whistleblowing, right?
Everett: That’s exactly right. It’s important to remember, Scott, that retaliation against whistleblowers is prohibited under several enforcement schemes, including the FCA, so again, having a strong sort of internal robust reporting space that will allow whistleblowers or individuals a way to raise potential claims and help mitigate the potential for any sort of FCA claim [is important].
Oswald: Jennifer Everett, we are so grateful to you. We look forward your and Colette Matzzie’s presentation, and we look forward to seeing each of you at this year’s “Changing Currents in Employment Law” on Tuesday, October 26th at 6:00pm. You can find us at dcbar.org.