The United States government has taken significant steps to safeguard its sensitive data from foreign adversaries, including China, Russia, Iran, and other nations posing a threat to national security. These steps include the implementation of the Data Security Program, a comprehensive plan designed to protect U.S. government-related data and Americans’ sensitive personal data from unauthorized access or exploitation by foreign adversaries. The program addresses the “unusual and extraordinary threat” to the national security and foreign policy of the United States, as recognized by the Justice Department, the White House, and the U.S. Intelligence Community. Key Features of the Data Security Program:
- Establishes export controls to prevent foreign adversaries from accessing U.S. government-related data and sensitive personal data
- Provides a Compliance Guide to assist the public in coming into compliance with the program
- Issues an initial list of over 100 Frequently Asked Questions (FAQs) to clarify program requirements
- Publishes an initial Covered Persons List that identifies and designates persons subject to the control and direction of foreign adversaries
The Data Security Program was established under Executive Order 14117, and it will continue to evolve and adapt to address emerging threats and vulnerabilities. Key Highlights of the Data Security Program:
- Delivers on promises made by President Trump in his America First Investment Policy and NSPM-2 on Imposing Maximum Pressure on Iran
- Addresses threats identified in the 2025 Annual Threat Assessment of the U.S. Intelligence Community and President Trump’s 2017 National Security Strategy
- Responds to the national emergency declared in Executive Order 13873
The Data Security Program is designed to make it more difficult for foreign adversaries to access or exploit sensitive data, reducing the risk of espionage, economic espionage, and other malicious activities. The program’s export controls will prevent foreign adversaries from accessing U.S. government-related data and bulk genomic, geolocation, biometric, health, financial, and other sensitive personal data. The Compliance Guide will assist the public in coming into compliance with the program, and the FAQs will help to clarify program requirements. The initial Covered Persons List will identify and designate persons subject to the control and direction of foreign adversaries, making it easier for the public to understand who is covered by the program. The Data Security Program went into effect on April 8, 2025, and it will continue to evolve and adapt to address emerging threats and vulnerabilities. The Department of Justice’s continued prioritization of the Data Security Program demonstrates its commitment to protecting the nation’s sensitive data and preventing foreign adversaries from accessing or exploiting it. The Data Security Program is an important step in safeguarding the nation’s sensitive data and preventing foreign adversaries from accessing or exploiting it. In the coming weeks and months, the Department of Justice will be taking additional steps to implement the Data Security Program, including publishing further FAQs, designating additional covered persons, and enforcing program requirements. The Data Security Program is a critical component of the nation’s overall strategy to protect its sensitive data and prevent foreign adversaries from accessing or exploiting it. The program’s success will depend on the active participation and cooperation of the public, including companies, organizations, and individuals. The Department of Justice will be working closely with other government agencies, industry partners, and international organizations to ensure the program’s success and effectiveness. Its implementation will have a significant impact on the nation’s national security and foreign policy, and it is essential that the public is aware of its key features and requirements.
