Attorneys Advise Close Monitoring of DOJ Data Rule Enforcement
It’s important for organizations to “actively stay up to date” on DOJ’s sensitive data rule even though enforcement began on July 9, blogged Constangy Brooks lawyers on Thursday.
Sign up for a free preview to unlock the rest of this article
Privacy Daily provides accurate coverage of newsworthy developments in data protection legislation, regulation, litigation, and enforcement for privacy professionals responsible for ensuring effective organizational data privacy compliance.
“With the expiration of the grace period, organizations should monitor the types of enforcement actions the DOJ pursues, as well as how broadly the DOJ exercises its latitude to designate who is subject to the Sensitive Data Rule based on their conduct or affiliations,” said Ryan Steidl, Steven Morris and Anna Schall Kreamer, privacy attorneys from the firm.
The lawyers noted that part of the regulation created “a mechanism for the National Security Division within the DOJ to provide further information on the applicability of the Data Security Program in the form of written advisory opinions which would represent the present enforcement intentions of the NSD.”
“The manner in which organizations are expected to comply may also shift, because many aspects of the rules refer to [Cybersecurity and Infrastructure Security Agency (CISA)] standards,” they added. “However, with major staffing cuts at CISA and anticipated revisions to related regulations, such as the Cybersecurity Incident Reporting for Critical Infrastructure Act, organizations will need to remain vigilant to fully understand their obligations.”
Companies are considering relocating business operations from China and cutting off certain data flows in a conservative approach to complying with DOJ’s data transfer rule, privacy attorneys told Privacy Daily earlier this week (see 2507280055).