The Justice Department recently issued a notice of proposed rulemaking (NPRM) to implement an executive order President Joe Biden issued in February.
The order, Preventing Access to Americans’ Bulk Sensitive Personal Data and United States Government-Related Data by Countries of Concern, addresses the national security threat posed by certain countries to access and exploit Americans’ sensitive personal data.
Biden tasked the Justice Department with establishing and implementing a national security regulatory program to address the risks.
The proposed rule would establish rules for data transactions that pose an unacceptable risk by giving countries or persons of concern access to government-related data or bulk U.S. sensitive personal data.
It also requires employment, investment vendor agreements qualify as restricted transactions. This means the agreements must comply with proposed security requirements the Department of Homeland Security’s Cybersecurity and Infrastructure Agency developed in coordination with the Justice Department.
The rule is tailored to specific national security risks stemming from previous access to Americans’ bulk sensitive personal data and certain sensitive U.S. government-related data.
The Justice Department’s National Security Division seeks public comment on the proposed rule.
Trade association groups, organizations and entities potentially affected by the proposed rule, subject-matter experts, and others with interest in data security and cybersecurity are encouraged to provide feedback.