The Justice Department has launched the Data Security Program to combat foreign threats to U.S. sensitive data. The program aims to prevent foreign adversaries like China, Russia, and Iran from exploiting U.S. personal and government-related data for espionage, surveillance, and economic harm. It addresses concerns that foreign entities could obtain U.S. data through commercial activities rather than complex cyber intrusions. This initiative was established under Executive Order 14117, with strong bipartisan support across U.S. governance.
Under the new program, the National Security Division (NSD) implements export controls restricting access to critical personal data. This includes genomic, geolocation, biometric, health, financial, and other private information. NSD has published a Compliance Guide to assist businesses and individuals in adhering to these new regulations. The guide explains key provisions, including prohibited transactions, audit requirements, and offers model contracts to ensure compliance by the April 2025 deadline.
The Justice Department has outlined additional resources for compliance, including FAQs and guidance on handling restricted transactions.
The Data Security Program also includes an enforcement policy for the first 90 days, which offers leeway to entities in transition. NSD will focus its efforts on helping businesses and individuals meet new obligations without prioritizing civil enforcement in the early stages.
By July 2025, full compliance will be expected, and the program will be enforced more strictly.
The program’s long-term goal is to protect Americans’ data from being weaponized by foreign powers. NSD encourages entities to review and adapt their data policies to comply with the Data Security Program. It will continue to update the public and regulated parties on best practices, and any non-compliance issues should be addressed by the outlined deadlines. During the first 90 days, businesses should engage in good faith efforts to comply with the program’s restrictions and can seek clarification from the NSD if needed.
Reference:
