On April 11, the DOJ announced steps towards the implementation of a national security program aimed at protecting Americans’ sensitive data from China, Russia, Iran and other foreign adversaries. The Data Security Program, which went into effect on April 8, establishes export controls designed to prevent foreign adversaries from accessing U.S. government-related and personal data belonging to Americans, including genomic, geolocation, biometric, health, financial, and other sensitive personal data. As previously covered by InfoBytes, the Data Security Program was implemented under Executive Order 14117 which led to the DOJ issuing an NPRM in February 2024 regulating data transactions with Russia, Iran and China (covered here). The DOJ explained that its prioritization of the Data Security Program is partly in response to threats identified in the 2025 Annual Threat Assessment of the U.S. Intelligence Community and aligns with national security strategies to counter espionage and surveillance activities.
Starting April 8, entities and individuals were required to comply with the Data Security Program’s prohibitions and restrictions on engaging in covered data transactions. To aid in the implementation of the Data Security Program’s requirements, the DOJ’s National Security Division issued a Compliance Guide and FAQs to provide guidance and clarifications of the program’s requirements and assist the public in adhering to the requirements. The guidance included best practices for compliance, including offering guidance on the definition of prohibited transactions and clarifying audit requirements. Recognizing that entities may need to take steps to bring existing practices into compliance with the program’s requirements, the DOJ announced that, during the first 90 days of the program’s effectiveness, the DOJ will not prioritize civil enforcement actions provided that entities are making good faith efforts to comply with the program during that time. During this 90-day period, the DOJ has encouraged the public to contact the National Security Division with informal inquiries about the Data Security Program and related guidance.
[View source.]
