The DOJ’s National Security Division is rolling out a new data security program that will require companies to take steps to prevent the large-scale transfer of Americans’ genomic, biometric, personal health, geolocation, financial, and other kinds of sensitive data to China, Russia and other foreign adversaries. Davis+Gilbert Privacy, Technology + Data Security partner Gary Kibel was quoted multiple times in Law360 discussing the DOJ’s National Security Division’s new data security program requirements and best practices guide.
To aid with compliance, the DOJ’s National Security Division issued a “best practices” guide containing over 100 frequently asked questions. Gary explains that “While the guidance wasn’t a radical departure from anything that the government has said previously, it did provide helpful details and put more meat on the bone about companies’ due diligence, contracting and auditing obligations.”
With the new rule, companies must review vendor contracts to prevent inadvertently sharing information with blacklisted entities and screen vendors against a list of entities controlled by foreign adversaries. “There’s no grandfathering in of older contracts, so if companies are dealing with any data at all that could meet the definition of bulk U.S. sensitive personal data and are engaged in international data transfers, then they need to revisit their contracts, because it’s likely this issue wasn’t addressed in older form agreements,” said Gary.