data security

Subscribe to data security via RSS

The U.S. Department of Justice (DOJ)’s new data security rule went into effect April 8, 2025. The rule creates what are effectively export controls and requires companies to take measures to prevent U.S. sensitive personal and government-related data from falling into the hands of foreign adversaries. The rule targets transactions (including data brokerage, vendor agreements, employment agreements, and investment agreements) involving access to bulk sensitive personal data or government-related data when those transactions involve identified covered persons or countries of concern (China, Russia, Iran, North Korea, Cuba, and Venezuela). Continue Reading DOJ Announces 90-Day Grace Period for Companies to Comply with New Data Security Rules on Foreign Adversary Access to U.S. Sensitive Data

CFIUS is expanding its reach. Where the Committee on Foreign Investment in the United States has generally scrutinized foreign acquisition of U.S. “critical infrastructure,” it has now signaled that it may look closely at any deal where the target collects or maintains sensitive personal information.
Continue Reading In-fo’ a CFIUS Review: The Expanding Power of CFIUS through Data Security Scrutiny