Data Dive

The Department of Justice’s (DOJ) final rule implements President Biden’s Executive Order 14117 of February 28, 2024, on “Preventing Access to Americans’ Bulk Sensitive Personal Data and United States Government-Related Data by Countries of Concern” (EO) and is intended to address a perceived gap in existing national security authorities to adequately address threats posed by the continuing effort of certain countries of concern to access Americans’ sensitive personal data and U.S. government-related data. (For additional information, please see our prior alerts on the proposed rule and issuance of the EO and DOJ’s accompanying advance notice of proposed rulemaking). This new and very complex regulatory regime reflects the U.S. government’s growing national security concerns about China and other adversarial governments obtaining access to Americans’ sensitive personal data through sales and licensing agreements, as well as certain vendor, employment and investment transactions, and that such agreements and transactions could enable these countries to use biometric, financial, ‘omic, geolocation or health data or other personal identifiers to engage in malicious cyber-enabled activities, espionage, tracking of military and national security personnel, blackmail or other nefarious activities.