Corruption Crime & Compliance DOJ Issues Data Security Program Requirements
5 snips
Apr 28, 2025 The DOJ's new Data Security Program imposes strict regulations on data transfers, raising compliance stakes for businesses. It identifies key national security concerns, defining what constitutes a 'covered data transaction.' Companies must navigate restrictions related to sensitive data, including biometric and financial information. With a focus on countries of concern, the program highlights outright prohibitions on data brokerage. U.S. firms have a 90-day window to assess vendors and update compliance systems before the impending deadline. This is a crucial time for data management!
AI Snips
Chapters
Transcript
Episode notes
Overview of DOJ's Data Security Program
- The DOJ's Data Security Program targets preventing sensitive U.S. data access by countries of concern, mainly China and others like Russia and Iran.
- Bulk data thresholds trigger restrictions, especially for genomic, financial, geolocation, and biometric data transfers.
Use 90-Day Hiatus to Comply
- Use the 90-day enforcement hiatus to conduct data reviews, renegotiate vendor contracts, and update security systems for compliance.
- Prioritize internal audits, due diligence, and revising agreements to meet DSP requirements before July 8th, 2025.
Impact on China-Focused Companies
- DSP compliance will heavily impact companies operating in China due to intense data transfer restrictions.
- Entities must map, track, and audit data flows internally and externally including vendors and third parties.