DOJ Introduces Rules to Limit Certain Data Transactions in Interest of National Security

November 15, 2024

Reading Time : 1 min

On October 29, 2024, the DOJ issued a proposed rule prohibiting and restricting certain transactions that could allow persons from countries of concern, such as China, access to bulk sensitive personal data of U.S. citizens or to U.S. government-related data (regardless of volume).

The rule builds on President Biden’s Executive Order 14117 of February 28, 2024, which directed DOJ to initiate such a rulemaking, DOJ’s ANPRM of March 5, 2024, which set forth the proposed scoping of key terms for the regulations, including categories of covered transactions, and the comments submitted in response to the ANPRM.

Sensitive personal data covered by the rule includes human genomic data, biometric identifiers, precise geolocation data, personal health data, personal financial data, and combinations of specified personal identifiers (e.g., government identification numbers, financial account numbers, and personal device identifiers). To be covered, the transaction would need to involve identified “bulk thresholds” for each category of sensitive personal data, ranging from 100 to 100,000 U.S. persons.

Read More

Share This Insight