
New DOJ Limits on Cross Border Data Transfers Prompt Assessment by Businesses Lathrop GPM

Understanding the New Rule

The new rule, which was announced in December 2020, aims to enhance the security and privacy of cross-border data transfers. The rule requires companies to implement robust security measures to protect sensitive information when transferring data across international borders. This includes measures such as encryption, access controls, and audit trails.

  • The rule applies to all U.S.
  • Data Analytics Firms — Companies that provide data analysis services to clients.
  • Government Contractors — Companies that provide goods and services to the U.S. government.
  • Information Technology (IT) Firms — Companies that design, develop, and sell IT products and services.
  • Telecommunications Firms — Companies that provide telecommunications services.
  • Financial Institutions — Companies that provide financial services, including banking and lending.
  • Other sectors — Other industries that handle sensitive data, such as healthcare and education.

The New DOJ Rule: Implications for U.S. Persons and Entities

The Department of Justice (DOJ) has recently introduced a new rule that significantly impacts U.S. persons and entities engaged in the export of bulk sensitive personal or bulk government-related data.

  • Service Providers — Companies offering services that involve processing or accessing personal data, including cloud computing and IT services.
  • Data Brokers — Entities trading or buying personal data for commercial purposes.

    The rule prohibits these entities from disclosing or making available human omic data to covered persons, including countries of concern or entities owned by or affiliated with them, without the required consent or authorization.

    Key areas of focus for compliance:

  • Data minimization and protection. Ensuring that only necessary data is collected and used for specific, legitimate purposes.
  • Data anonymization and pseudonymization. Techniques to remove identifiable information and protect individual privacy.
  • Secure data storage and transmission. Safeguards to prevent unauthorized access, use, or disclosure of personal data.
  • Data subject rights and obligations. Ensuring that individuals have control over their personal data and are informed about its processing.

    The rule also establishes a compliance framework for entities that handle human omic data, providing guidance on data protection principles, data breach response, and audit and certification processes. It also sets out specific requirements for certain industries, such as healthcare and biotech, where data handling and protection are critical for ensuring the integrity of the data and maintaining public trust.

    Key areas of focus for compliance include:

  • Data protection by design and default. Implementing data protection principles into the design and default settings of products and services.
  • Data subject consent and notification.

    This type of information is considered sensitive because it can be used to identify individuals or groups and is therefore protected under the Freedom of Information Act (FOIA).

    What is Bulk Sensitive Information?

    The Challenges of International Data Privacy

    The increasing globalization of business has led to a complex web of international data privacy laws and regulations.

    CCPA Compliance for AI Companies and Adtech Firms

    The California Consumer Privacy Act (CCPA) has brought significant changes to the way businesses handle consumer data.

    Conduct regular audits to ensure compliance with the data protection regulations.

  • Requiring vendors to certify compliance with DOJ restrictions in their contracts
  • Conducting regular audits to ensure compliance with DOJ restrictions
  • Implementing Enhanced Due Diligence

    Implementing enhanced due diligence for foreign-owned cloud, IT, and data analytics providers is essential in ensuring compliance with DOJ restrictions.
