Summary:
Le nouveau programme de sécurité des données (DSP) du DOJ vise à encadrer le transfert de données sensibles américaines vers des adversaires étrangers. En vertu de l’Ordre Exécutif 14117, ce programme définit des transactions de données couvertes, liste des pays à risque et établit des seuils pour les données des citoyens et du gouvernement. Les entreprises doivent évaluer leurs fournisseurs et mettre à jour leurs systèmes de conformité avant la date limite du 8 juillet 2025, en raison des nouvelles restrictions sur les données, notamment génomiques et financières.
Original Link:
Original Article:
Could your routine data transfers now violate federal law? The DOJ’s new Data Security Program (DSP) targets the flow of U.S. sensitive personal and government data to foreign adversaries — and the clock is ticking. In this episode of Corruption, Crime and Compliance, Michael Volkov breaks down the Justice Department’s sweeping new Data Security Program, enacted under Executive Order 14117 and finalized in January 2025.
You’ll hear him discuss:
? The origins of the DSP, created through Executive Order 14117 under the Trump Administration, and the key national security concerns it addresses.
? What constitutes a “covered data transaction” and the thresholds for U.S. personal and government data that trigger compliance obligations.
? The list of “countries of concern” and what it means for companies doing business with entities tied to these regions.
? The types of U.S. data covered by the DSP, including biometric, genomic, financial, and geolocation data, and the specific quantity thresholds that trigger restrictions.
? Why data brokerage and bulk human genomic data transactions are prohibited outright, raising new compliance challenges for affected industries.
? How “restricted transactions” like cloud computing services and vendor agreements are subject to conditional exceptions under the DSP.
? The critical actions U.S. companies must take during the 90-day enforcement hiatus, including vendor assessments, renegotiations, and compliance system updates before the July 8th deadline.