In a recent legal development, the False Claims Act has found increasing application in the field of cybersecurity enforcement. This trend is marked by the recent unsealing of a False Claims Act qui tam complaint lodged against the renowned Pennsylvania State University (Penn State).
This case, entitled United States ex rel. Matthew Decker v. Pennsylvania State University (22-cv-03895-PD, Eastern District of Pennsylvania), showcases the Department of Justice’s (DoJ) Civil Cyber-Fraud Initiative in action. The whistleblower in this case is none other than Matthew Decker, the former Chief Information Officer of Penn State’s Applied Research Lab. Decker alleges that Penn State submitted false certifications to the Department of Defense (DoD).
The False Claims Act allows private individuals, called whistleblowers or ‘relators,’ to sue on behalf of the government for fraud. This enforcement mechanism is proving to be a powerful tool for holding entities accountable for their cybersecurity practices, particularly in their dealings with government agencies. However, this also signals a new era of legal challenges for corporations as such stringent allegations could potentially harm their reputation and result in significant financial penalties.
Given that this recent case is built on the allegations of noncompliance with cybersecurity requirements set by the government, it could potentially set legal precedents for future litigation. It may place corporations under a stricter lens when it comes to their practices of submitting certifications to governmental departments.
Legal professionals, particularly those working in the corporate sector, need to remain vigilant and stay abreast with such developments. This heightened scrutiny could require a more robust approach towards ensuring compliance with government-directed cybersecurity norms.