Kate Growley

Kate M. Growley (CIPP/US, CIPP/G) is a director with Crowell & Moring International and based in Hong Kong. Drawing from over a decade of experience as a practicing attorney in the United States, Kate helps her clients understand, navigate, and shape the policy and regulatory environment for some of the most complex data issues facing multinational companies, including cybersecurity, privacy, and digital transformation. Kate has worked with clients across every major sector, with particular experience in technology, health care, manufacturing, and aerospace and defense. Kate is a Certified Information Privacy Professional (CIPP) in both the U.S. private and government sectors by the International Association of Privacy Professionals (IAPP). She is also a Registered Practitioner with the U.S. Cybersecurity Maturity Model Certification (CMMC) Cyber Accreditation Body (AB).

Contact:

Canadian CMMC? Canada Proposes Cyber Compliance Regime for Canadian Defense Suppliers

By Kate Growley, Caitlyn Weeks, Michael G. Gruden, CIPP/G, Daniel W. Wolff, Nkechi Kanu, Jessica Chao & Jacob Harrison on April 10, 2025

Posted in Cybersecurity, Government Contracts

On March 12, 2025, the Government of Canada announced plans to launch the Canadian Program for Cyber Security Certification (CPCSC). CPCSC is a cybersecurity compliance verification program that aims to protect sensitive unclassified government information handled by Canadian government contractors and subcontractors within Canada’s defense sector. Canada will roll out CPCSC to contractors in four phases, with the first phase launching this month.Continue Reading Canadian CMMC? Canada Proposes Cyber Compliance Regime for Canadian Defense Suppliers

An Un[waiver]ing Commitment to CMMC: The Department of Defense Issues Guidance for Determining Assessment Levels

By Michael G. Gruden, CIPP/G, Daniel W. Wolff, Nkechi Kanu, Jessica Chao, Kate Growley, Maida Oringher Lerner & Jacob Harrison on February 25, 2025

Posted in Cybersecurity, Government Contracts

Amidst a flurry of executive cost-cutting, the Department of Defense’s (DoD) Cybersecurity Maturity Model Certification program—often known just as “CMMC”— appears to be defying the odds and only picking up steam. Marking the first CMMC developments under the new administration, the DoD has published guidance that previews what to expect once CMMC is finalized. These developments suggest that the current administration intends to pick up where it left off, having first introduced the CMMC program during President Trump’s first term.Continue Reading An Un[waiver]ing Commitment to CMMC: The Department of Defense Issues Guidance for Determining Assessment Levels

Who I(aa)S Your Foreign Customer? Department of Commerce Proposes Foreign Customer Identification Requirements For U.S. IaaS Providers

By Michael G. Gruden, CIPP/G, Evan D. Wolff, Jana del-Cerro, Kate Growley, Jacob Harrison, Alexis Ward & Akanksha Sinha on February 8, 2024

Posted in Government Contracts

On January 29, 2024, the Department of Commerce released a proposed rule: Taking Additional Steps To Address the National Emergency With Respect to Significant Malicious Cyber-Enabled Activities, which solicits comments regarding a proposed new set of regulations that would introduce significant new requirements for U.S.-based Infrastructure as a Service (IaaS) providers. The proposed rule implements requirements from the January 2021 Executive Order Taking Additional Steps To Address the National Emergency With Respect to Significant Malicious Cyber-Enabled Activities and part of the October 2023 Executive Order Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence. If Commerce implements the regulations as proposed, IaaS providers would be required to create a Customer Identification Program (CIP), ensure any foreign resellers maintain a CIP, track all customer identities, verify the identities of foreign customers, and report certain transactions implicating large AI models that could be used for malicious cyber-enabled activities. The Department is soliciting comments on all aspects of the proposed rule by April 29, 2024.Continue Reading Who I(aa)S Your Foreign Customer? Department of Commerce Proposes Foreign Customer Identification Requirements For U.S. IaaS Providers

The Holidays Come Early: NIST Unwraps Final Draft Revision 3 to NIST SP 800-171

By Michael G. Gruden, CIPP/G, Evan D. Wolff, Maida Oringher Lerner, Kate Growley, Nkechi Kanu, Jacob Harrison & Alexis Ward on November 14, 2023

Posted in NIST

On November 9, 2023, the National Institute of Standards and Technology (“NIST”) released the Final Public Draft (“FPD”) of Special Publication (“SP”) 800-171 Revision (“Rev.”) 3, “Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations” and the Initial Public Draft of NIST SP 800-171A Rev 3, “Assessing Security Requirements for Controlled Unclassified Information.” The FPD of SP 800-171 Rev. 3 condenses several control requirements from the initial public draft while adding new requirements under existing controls. The initial draft of SP 800-171A now aligns with SP 800-171 Rev. 3 and includes more detailed assessment procedures than its predecessor. Changes in both documents forecast the evolving compliance requirements for organizations required to safeguard Controlled Unclassified Information (“CUI”).Continue Reading The Holidays Come Early: NIST Unwraps Final Draft Revision 3 to NIST SP 800-171

Biden’s Executive Order on Artificial Intelligence

By Michael G. Gruden, CIPP/G, Evan D. Wolff, Laura J. Mitchell Baker, Kate Beale, Lorraine M. Campos, Alicia Clausen, Michelle Coleman, Aaron Cummings, Jodi G. Daniel, Kate Growley, Jacob Harrison, Garylene “Gage” Javier, Paul Keller, Matthew Moisan, Lidia Niecko-Najjum, Eric Ransom, Anna Z. Saber, Neda Shaheen, Roma Sharma, Spencer Smith, William Tucker, Jennie Wang VonCannon, Alexis Ward, Tiffany Wynn & Crowell & Moring on November 6, 2023

Posted in AI

On October 30, 2023, President Biden released an Executive Order (EO) on the Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence (AI). This landmark EO seeks to advance the safe and secure development and deployment of AI by implementing a society-wide effort across government, the private sector, academia, and civil society to harness “AI for good,” while mitigating its substantial risks.Continue Reading Biden’s Executive Order on Artificial Intelligence

Private Sector Helps Lead the Way: Biden-Harris Administration Secures Voluntary Commitments from Leading Artificial Intelligence Companies to Manage the Risks Posed by AI

By Michael Atkinson, Kate Growley & Spencer Smith on July 28, 2023

Posted in AI, Legal Developments

On July 21, 2023, the Biden administration announced that seven companies leading the development of artificial intelligence (AI) — Amazon, Anthropic, Google, Inflection, Meta, Microsoft, and OpenAI — have made voluntary commitments, which the companies agreed to undertake immediately, to help move towards safe, secure, and transparent development of AI technology. The goal of the voluntary commitments, or the “AI Agreement” as it is informally dubbed, is to establish a set of standards that promote the principles of safety, security, and trust deemed fundamental to the future of AI. Continue Reading Private Sector Helps Lead the Way: Biden-Harris Administration Secures Voluntary Commitments from Leading Artificial Intelligence Companies to Manage the Risks Posed by AI

Biden Admin Eyes IoT Cyber Practices

By Sarah Rippy, Evan D. Wolff, Neda Shaheen, Garylene “Gage” Javier, Kate Growley & Crowell & Moring on July 21, 2023

Posted in Cybersecurity

On June 18, 2023, the Biden-Harris administration announced the launch of a new “U.S. Cyber Trust Mark” program (hereinafter the “Program”). First proposed by Federal Communication Commission (“FCC”) Chairwoman Jessica Rosenworcel, the Program aims to increase transparency and competition across the smart devices sector and to assist consumers in making informed decisions about the security of the devices they purchase. Continue Reading Biden Admin Eyes IoT Cyber Practices

menu

Government Contracts Legal Forum