In a significant development, Penn State University has been embroiled in a lawsuit, unsealed on September 1, 2023, brought under the qui tam provision of the False Claims Act (“FCA”). The U.S. District Court for the Eastern District of Pennsylvania is presiding over the case, which was initially filed on October 5, 2022.
The lawsuit alleges that Penn State University violated its contractual obligations by failing to provide “adequate security” for Covered Defense Information. The university’s duties in this matter were ostensibly specified by Defense Federal Acquisition Regulation Supplement (DFARS) 252.204-7012.
The claims against Penn State form part of a broader trend of growing legal and regulatory scrutiny over how organizations handle their cybersecurity responsibilities, particularly when these involve sensitive, governmental information.
However, please note specific details related to the case are scarce since the original litigation documents have not been made publicly available at this juncture. It is therefore difficult to estimate the full impact and ramifications of this litigation effort on Penn State University and other similar institutions.
As reported by JD Supra, the legal team of Alston & Bird is handling the case. Their role and the broader implications of this emerging case will certainly be a focus for legal professionals around the globe, especially those working on cybersecurity and compliance-related legal matters.
The legal proceeding is expected to shed more light on how courts view and interpret contractual cybersecurity obligations between institutions and the government. It may also provide key inputs for the implementation and improvement of laws and regulations that govern cybersecurity practices and standards.
Legal professionals and organizations are advised to keep close tabs on this case. Its conclusions could potentially inform the development of best practices within the realm of cybersecurity compliance and liability, forming a cornerstone of future preventive measures and mitigation strategies.