The US Government is looking to introduce new restrictions on how companies can sell ‘bulk US sensitive personal data’ to certain countries.
The proposed new rules from the Department of Justice (DoJ) would impose a blanket ban on the sale of this sort of data to six states the US deems ‘countries of concern’; China, Iran, Russia, The DPRK (North Korea), Cuba, and Venezuela.
It would cover a number of categories, including Social Security and driver’s license numbers, biometric identifiers, geolocation data, human genomic data like DNA, and health and financial information.
Some exceptions
The target of the regulations is to address national security risks that stem from foreign entities having access to American’s bulk sensitive data. By restricting the sale of information, the US hopes to curb foreign influence campaigns and to stop countries of concern from exploiting data to collect information on activists, journalists, or political opponents.
There are several proposed exemptions from this ban, including telecommunications services and clinical trial data needed for research approval or for FDA applications.
“Under the proposed rule, U.S. persons transacting in these kinds of data will need to establish a compliance program based on the individual risk profile of their activities,” said a senior DoJ official.
“They will need to understand the kinds and volumes of data they transact, who they are doing business with and how that data is being used, and the safeguards they use to control access to that data.” the official said.
In the age of never-ending data breaches and cyberattacks, these restrictions certainly won’t mean the end of foreign entities’ access to American’s personal data, but it will likely prove to be a barrier for threat actors.