Benesch Predicts 'Proactive Enforcement' of DOJ Bulk Data Transfer Rule
As the next deadline nears for DOJ’s bulk data transfer rule, “businesses must continue to take proactive steps to understand and implement the rule’s complex compliance requirements,” said Benesch privacy and tech attorneys in a blog post Friday.
Sign up for a free preview to unlock the rest of this article
Privacy Daily provides accurate coverage of newsworthy developments in data protection legislation, regulation, litigation, and enforcement for privacy professionals responsible for ensuring effective organizational data privacy compliance.
“From assessing data transfer practices to updating contractual frameworks and internal controls, the stakes are high for organizations that handle sensitive personal data or government related data,” wrote Benesch’s Michael Stovsky, Trevor Martin and Kristopher Chandler. They warned that the rule’s history points “to proactive enforcement, and the risks and consequence of non-compliance will likely increase.”
The DOJ rule took effect April 8 and became enforceable July 8 (see 2507280055 and 2506240056). However, many of its “technical enforcement obligatons … become enforceable on” Oct. 6, the lawyers said.
By that deadline, all U.S. businesses must conduct internal reviews of access to covered data, “including whether transactions involving access to such data flows constitute” prohibited transaction, and review “internal datasets and datatypes to determine if they are potentially subject to the” DOJ rule, said Benesch: For businesses that determine they're engaged in covered data transactions or restricted transactions, many more requirements will apply.