On July 8, the DOJ’s National Security Division (NSD) will begin enforcing its Data Security Program according to a notice from April titled “Data Security Program Implementation and Enforcement Policy” which outlined the DOJ’s enforcement for new rules aimed at preventing foreign adversaries from accessing sensitive U.S. government and personal data.
NSD had previously stated it would not prioritize civil enforcement actions for violations occurring between April 8 and July 8, so long as parties make good faith efforts to comply or come into compliance during that period. The DOJ noted, however, that all individuals and entities must be in full compliance with the bulk transfer rule at the end of the 90-day period. The next compliance date will be October 6 for entities to comply with additional provisions, including due diligence, audits, and annual reporting requirements.
As previously covered by InfoBytes, the DOJ announced its Data Security Program was aimed at protecting Americans’ sensitive data from China, Russia, Iran and other countries of concern. The Data Security Program requires individuals and entities to comply with prohibitions and restrictions under the bulk-transfer rule restrictions.
[View source.]
