Summary:
Le nouveau programme de sécurité des données (DSP) du DOJ cible les transferts de données sensibles vers des adversaires étrangers. Établi par l’Ordre Exécutif 14117, il définit ce qui constitue une “transaction de données couvertes” et les obligations de conformité des entreprises. Le DSP impose des restrictions sur les données biométriques, génomiques, financières et de géolocalisation, et prohibe les transactions de données génomiques en vrac. Les sociétés américaines doivent agir rapidement pour mettre à jour leurs systèmes de conformité avant la date limite du 8 juillet.
Original Link:
Original Article:
Could your routine data transfers now violate federal law? The DOJ’s new Data Security Program (DSP) targets the flow of U.S. sensitive personal and government data to foreign adversaries — and the clock is ticking. In this episode of Corruption, Crime and Compliance, Michael Volkov breaks down the Justice Department’s sweeping new Data Security Program, enacted under Executive Order 14117 and finalized in January 2025.
You’ll hear him discuss:
? The origins of the DSP, created through Executive Order 14117 under the Trump Administration, and the key national security concerns it addresses.
? What constitutes a “covered data transaction” and the thresholds for U.S. personal and government data that trigger compliance obligations.
? The list of “countries of concern” and what it means for companies doing business with entities tied to these regions.
? The types of U.S. data covered by the DSP, including biometric, genomic, financial, and geolocation data, and the specific quantity thresholds that trigger restrictions.
? Why data brokerage and bulk human genomic data transactions are prohibited outright, raising new compliance challenges for affected industries.
? How “restricted transactions” like cloud computing services and vendor agreements are subject to conditional exceptions under the DSP.
? The critical actions U.S. companies must take during the 90-day enforcement hiatus, including vendor assessments, renegotiations, and compliance system updates before the July 8th deadline.