The United States issues new regulations to tighten control over the transfer of personal data, aiming to prevent threats to national security from foreign entities.

The United States issues new regulations to tighten control over the transfer of personal data, aiming to prevent threats to national security from foreign entities.
ThaiCERT Cybersecurity Articles

01/68 Thursday, January 2, 2025

The U.S. Department of Justice (DoJ) has announced the final rule for implementing Executive Order (EO) 14117, aimed at regulating the mass transfer of personal data to countries considered potential threats, such as China, Cuba, Iran, North Korea, Russia, and Venezuela. This new rule stems from President Joe Biden’s executive order issued in February 2024, designed to mitigate national security risks associated with unauthorized access to the personal data of U.S. citizens. Such data could be exploited for harmful activities, including espionage, political interference, and cyberattacks.

The rule outlines specific categories of transactions that are prohibited or restricted concerning the transfer of sensitive personal data, covering six key areas:

  1. Personally identifiable information, such as Social Security numbers and driver’s licenses.
  2. Precise geolocation data.
  3. Biometric identifiers.
  4. Omics data, including genome, proteome, and transcriptome information.
  5. Personal health data.
  6. Personal financial data.

The rule also specifies civil and criminal penalties for violations and includes enforcement mechanisms to prevent the sale or transfer of data to foreign nations. Matthew G. Olsen, Assistant Attorney General for National Security, emphasized the critical importance of these regulations in protecting Americans’ personal data from misuse by adversarial foreign powers. “This is another significant step in addressing national security threats posed by adversaries seeking to exploit our personal data for their benefit,” Olsen stated.

The regulation also aims to prevent the misuse of data for developing artificial intelligence (AI) and advanced technologies or suppressing the rights of activists, journalists, and vulnerable groups. However, the rule does not prohibit medical research or the exchange of commercial data, such as cross-border sales of goods and services.

The new rule is expected to take effect within 90 days, marking a significant measure to safeguard U.S. data security in an era where data transfers have become a critical global issue.

Source https://thehackernews.com/2024/12/new-us-doj-rule-halts-bulk-data.html