On January 8, 2025, the Department of Justice (“DOJ”) published its final rule addressing Executive Order (E.O.) 14117, “Preventing Access to Americans’ Bulk Sensitive Personal Data and United States Government-Related Data by Countries of Concern.” With the final rule, the DOJ National Security Division’s Foreign Investment Review Section (“FIRS”) defines prohibited and restricted data transactions, and outlines trusted data flows for companies with overseas operations involving countries of concern, including IT infrastructure. The general effect of the rule is to close “front door” access to bulk sensitive personal data on U.S. persons and certain U.S.-government-related data. Until now—or rather, April 8, 2025, when the majority of the rule becomes effective—nefarious actors could procure sensitive data through legitimate business transactions.Continue Reading Data, Deals, and Diplomacy, Part III: DOJ Issues National Security Final Rule with New Data Compliance Obligations for Transactions Involving Countries of Concern
