US government says companies are no longer allowed to send bulk data to these
nations

Date:
Thu, 02 Jan 2025 15:03:00 +0000

Description:
The US DoJ has issued a final rule to prevent the mass transfer of US citizen
data to hostile nations.

FULL STORY

The US Department of Justice has issued a final rule on Executive Order 
14117, which President Joe Biden signed in February 2024, preventing the
movement of US citizens data to a number of countries of concern. 

The list of countries consists of China (including Hong Kong and Macau), 
Cuba, Iran, North Korea, Russia, and Venezuela, all of which the DoJ says 
have engaged in a long-term pattern or serious instances of conduct
significantly adverse to the national security of the United States or the
security and safety of U.S. persons. 

It added these nations could, access and exploit Americans bulk sensitive
personal data and certain U.S. Government-related data.

No US data for hostile nations

The final rule will come into effect in 90 days, with Assistant Attorney
General Matthew G. Olsen of the Justice Department's National Security
Division stating, This powerful new national-security program is designed to
ensure that Americans' personal data is no longer permitted to be sold to
hostile foreign powers, whether through outright purchase or other means of
commercial access. 

The Executive Order is aimed at preventing countries generally hostile to the
US from using the data of US citizens in cyber espionage and influence
campaigns, as well as building profiles of US citizens to be used in social
engineering, phishing, blackmail, and identity theft campaigns. 

The final rule sets out the threshold for transactions of data that carry an
unacceptable level of risk, alongside the different classes of transactions
that are prohibited, restricted or exempt. Companies that violate the order
will face civil and criminal penalties. The types of prohibited data are:

Certain covered personal identifiers (e.g., names linked to device
identifiers, social security numbers, drivers license, or other government
identification numbers)

Precise geolocation data (e.g., GPS coordinates)

Biometric identifiers (e.g., facial images, voice prints and patterns, and
retina scans)

Human genomic data and three other types of human omic data
(epigenomic, proteomic, or transcriptomic)

Personal health data (e.g., height, weight, vital signs, symptoms, test
results, diagnosis, digital dental records, and psychological diagnostics)

Personal financial data (e.g., information related to an individuals credit,
debit cards, bank accounts, and financial liabilities, including payment
history)

The DoJ also outlined the final rule does not apply to medical, health, or
science research or the development and marketing of new drugs and also does
not broadly prohibit U.S. persons from engaging in commercial transactions,
including exchanging financial and other data as part of the sale of
commercial goods and services with countries of concern or covered persons, 
or impose measures aimed at a broader decoupling of the substantial consumer,
economic, scientific, and trade relationships that the United States has with
other countries.

Via The Hacker News

======================================================================
Link to news story:
https://www.techradar.com/pro/security/us-government-says-companies-are-no-lon
ger-allowed-to-send-bulk-data-to-these-nations

$$
--- SBBSecho 3.20-Linux