DOJ Data Privacy Enforcement Program Launched in Response to Growing Threats

DOJ Data Privacy Enforcement Program Launched in Response to Growing Threats

According to an article by Snell & Winter, President Biden’s Executive Order (EO), issued on February 28, 2024, directed the Department of Justice (DOJ) to establish targeted national security measures to address risks associated with data breaches and unauthorized data transactions. These transactions, which involve data brokerage and transfer of bulk sensitive personal data without consent, pose threats to national security, especially when used to develop AI capabilities and algorithms. The EO emphasizes the need for greater data protection while maintaining an open internet.

In response, Assistant Attorney General (AAG) Matthew G. Olsen announced the implementation of a data security protection and enforcement program within the DOJ’s National Security Division. Olsen outlined the DOJ’s focus on prosecuting both corporations and individuals, with particular emphasis on financial institutions and technology companies acting as gatekeepers against data breaches. He advised companies to prioritize data protection by understanding their data, reviewing vendor agreements, monitoring data access by consultants and investors, and ensuring compliance with regulations, especially regarding data sales.

The DOJ initiated a public comment period for its proposed data security and enforcement program, aiming to identify prohibited and restricted data transactions concerning sensitive personal data categories like financial, health, and genomic data. The program targets specific national security threats without intending to regulate all cross-border data flows comprehensively. The DOJ invited public feedback on various issues, including the usefulness of an advisory opinion process and mitigating compliance costs for small- and medium-sized businesses.

The public comment period, ending on April 19, 2024, allows stakeholders to contribute to shaping the program’s final form. The authors of the Snell & Winter article advise companies to review data policies, investigate potential data breaches promptly, and maintain robust data protection measures to comply with the DOJ’s efforts. While the program represents a significant step in enforcing data privacy both nationally and internationally, the DOJ encourages public engagement to refine its approach.