
In a decisive move to protect U.S. national security and personal data from foreign threats, the U.S. Department of Justice (DOJ) has officially launched its Data Security Program—a sweeping regulatory initiative aimed at preventing China, Russia, Iran, and other adversarial nations from accessing sensitive American data through commercial channels.
“The Data Security Program makes getting that data a lot harder,” said Deputy Attorney General Todd Blanche, emphasizing the program’s strategic intent to curb foreign espionage.
Foreign threat actors have increasingly turned to commercial acquisitions of personal data—ranging from biometrics, geolocation, and health records to financial and government-related data—as an alternative to traditional hacking.
“If you’re a foreign adversary, why would you go through the trouble of complicated cyber intrusions and theft to get Americans’ data when you can just buy it on the open market or force a company under your jurisdiction to give you access?” Blanche asked.
This strategy—cheaper, faster, and often legal under prior rules—posed what the DOJ called an “unusual and extraordinary threat…to the national security and foreign policy of the United States.”
The Data Security Program (DSP), effective April 8, 2025, functions similarly to export controls, barring foreign adversaries or entities under their jurisdiction from accessing bulk sensitive U.S. data. Key features include:
- Prohibitions and restrictions on certain “covered data transactions”
- Identification of “covered persons” affiliated with foreign adversaries
- Requirements for robust compliance programs and audit trails
- Restrictions on deserialization, data scraping, and bulk export
To help regulated entities adapt, the DOJ’s National Security Division (NSD) has released:
- A Compliance Guide detailing definitions, best practices, and model contract language
- A comprehensive set of over 100 FAQs
- An Implementation and Enforcement Policy for the initial 90-day period
These materials aim to help U.S. persons—including individuals, companies, and foreign firms operating in the U.S.—“know their data” and the risks it may pose in the hands of foreign intelligence services.
To smooth the transition, the DOJ will not prioritize civil enforcement between April 8 and July 8, 2025, for those who are making good-faith compliance efforts. These may include:
- Reviewing and updating data flow practices
- Renegotiating contracts
- Implementing CISA-recommended security controls
“NSD will target its enforcement efforts during the first 90 days… to minimize potential disruptions for businesses.”
However, this leniency does not apply to bad-faith actors, and all entities are expected to be in full compliance by the end of the grace period.