DOJ Bulk Sensitive Data Regulations
The clock is ticking – U.S. companies that share “sensitive bulk data” with non-U.S. entities have until early April to comply with the new requirements under DOJ’s Sensitive Bulk Data Security Regulation.
The DOJ's groundbreaking regulations governing access to bulk sensitive U.S. personal data and U.S. government-related data entered into force on Tuesday, April 8, 2025. The rules signal a major policy shift in regulating cross-border data flows for companies of all sizes.
Our team has been at the forefront of tracking this evolving framework and helping clients chart their path to compliance.
Featured Insights
Client AlertNIH Follows in FDA’s Footsteps and Adopts “Bulk Sensitive Data” Policy That Goes Beyond DOJ Rule RequirementsThe National Institutes of Health (“NIH”) has become the latest federal agency to impose obligations that go beyond those required by the watershed U.S. Department of Justice (“DOJ”) data security program (“DSP”) with its new Policy on Enhancing Security Measures for Human Biospecimens (“NIH Policy”).
ArticleDOJ Offers Narrow Window to Comply With New Data Security Rules
Kaylee Cox Bankston, Joe Folio, and Josh Fattal published an article in Bloomberg Law that highlights nine (9) key insights for U.S. companies to keep in mind as they navigate the new requirements under the Department of Justice's Bulk Sensitive Data regulations.
Client AlertDOJ Bulk Sensitive Data Regulations Update: New Compliance Guidance and Temporary Non-Enforcement Policy for Companies Working in Good Faith to Achieve Compliance
On Friday, April 11, 2025, the U.S. Department of Justice (DOJ) issued guidance about how the regulations would be applied, namely, a Compliance Guide and answers to 108 Frequently Asked Questions.
In the NewsCompanies Welcome DOJ Reprieve in Data-Transfer Rule EnforcementMiriam Wugmeister and Kaylee Cox Bankston spoke with Bloomberg Law about the Department of Justice's recent guidance on the bulk data transfer rule, which aims to prevent foreign adversaries from accessing sensitive U.S. data.
Client AlertNavigating New Security Requirements under DOJ’s Bulk Data Regulations: Is NIST Compliance Enough?
My organization adheres to the NIST Cybersecurity Framework (version 2.0). Am I ready to process Restricted Transactions?
Client AlertAn Unprecedented Cross-Border Data Regulatory Regime Version 3.0: Department of Justice Issues Final Rule Regulating Bulk Sensitive Data Transfers
The U.S. Department of Justice (“DOJ”) released final guidance on its new regulatory regime governing transactions involving certain sensitive data of U.S. persons and government‑related data and countries of concern.
PodcastNew Episode of The Regulators Featuring Head of the New Bulk Sensitive Data Regulatory Program
Morrison Foerster and Lawfare just released the latest episode of The Regulators podcast featuring the Chief of the U.S. Department of Justice’s Foreign Investment Review Section (FIRS), Devin DeBacker.
Client AlertThe Department of Justice Issues Revised Proposal for Regulating Bulk Sensitive Data Transfers -- An Unprecedented Cross-Border Data Regulatory Regime Version 2.0
The U.S. Department of Justice (“DOJ”) issued a revised proposed rule with new details about the most recent regulatory regime governing transactions involving certain sensitive data of U.S. persons and certain countries of concern.
Client AlertAn Unprecedented Cross-Border Data Regulatory Regime: The Biden Administration Announces New Program to Shield Sensitive U.S. Data
The Biden Administration recently announced its plan to create a new regulatory regime governing the transfer of certain sensitive data from the United States.
