Digital curtain: the United States tightens the rules for transferring data to unfriendly countries

Man

The United States has unveiled a new plan to protect data from foreign intelligence.

The US Department of Justice has published a draft of new rules that will help regulate the transfer of data to foreign countries. The document clarifies measures that will limit or prohibit data transactions if they may pose security risks.

In February 2024, President Biden signed an executive order that aims to prevent foreign countries from accessing sensitive data. The countries included China, Russia, Iran, North Korea, Cuba and Venezuela. The new document designates the same countries.

The proposed rules impose restrictions on transactions that can provide access to such data. The notice of proposed rulemaking (NPRM) identifies several categories of data that are subject to the new measures: biometric and genomic data, geolocation, health data, and financial information. The measures affect situations where the collected data may be associated with specific Americans or groups of people.

The regulation bans data transfers that exceed the established volumes. For example, U.S. companies are prohibited from transferring:
  • genetic information of more than 100 people during the year to these countries;
  • geodata and biometric identifiers of more than 1,000 citizens;
  • financial and medical information of more than 10,000 people;
  • personal data of over 100,000 people. Personal data in this case includes names associated with device identifiers, as well as Social Security Numbers (SSNs) and driver's licenses.

Special measures apply to data belonging to military personnel and civil servants: the transfer of such information is strictly prohibited. A similar prohibition applies to data transactions if there is reason to believe that the data will end up in the possession of one of the target countries. The focus will be on data brokers dedicated to selling the collected information to third parties.

Administration officials emphasize that the sale of data to foreign countries poses a serious threat to national security, as the information obtained can be used for cyberattacks, surveillance of government targets, the creation of disinformation campaigns and the tracking of security leaders. The data can also be used to spy on dissidents and journalists and analyze the daily activities of US citizens.

Particular attention is paid to the control of transactions that can bypass the restrictions. The document states that the Department of Justice will have the power to impose bans on certain transactions and require companies to submit reports on such transactions. In addition, the NPRM includes licensing mechanisms and the ability to obtain clarifications from the agency for market participants.

The draft regulations also introduce several exceptions. They concern:
  • U.S. Government operations;
  • financial and medical transactions;
  • international agreements and telecommunication services.

To comply with the new rules, the agency suggests that companies implement security compliance programs, including access control and data encryption. Violations can draw civil fines of up to $368,136, and intentional violations carry criminal penalties of up to 20 years in prison.

The Department of Justice emphasizes that the rules will not affect social media platforms and applications, nor do they imply new powers to oversee the personal data of Americans.
