The U.S. Department of Justice (DOJ) said on April 11 it has taken steps to move forward with a program to prevent China, Russia, Iran and other foreign adversaries from accessing and exploiting American citizens’ personal data.
The Data Security Program implemented by the National Security Division (NSD) as part of Executive Order 14117 went into effect on April 8, the DOJ said, and establishes export controls to prevent foreign adversaries, and those under their control, jurisdiction, ownership and direction from accessing U.S. government-related sensitive personal data.
“If you’re a foreign adversary, why would you go through the trouble of complicated cyber intrusions and theft to get Americans’ data when you can just buy it on the open market or force a company under your jurisdiction to give you access?” Deputy Attorney General Todd Blanche said. “The Data Security Program makes getting that data a lot harder.”
The NSD issued a compliance guide and a Frequently Asked Questions list, as well as an implementation and enforcement policy. As part of the FAQ, the department said it will address high-level clarifications about the executive order, as well as providing information about the program, its scope, the processes for requesting licenses, and information about violations and reporting on rejected prohibited transactions. Officials said the FAQ will reflect some of the feedback the department received during the rulemaking process.
More steps will be taken over the coming weeks, division officials said, to implement the Data Security Program, including publishing an initial Covered Person List that identifies people subject to control and direction of foreign adversaries.