- U.S. Department of Justice Releases Final Rule Regarding Executive Order 14117
- Will ban large-scale transactions of U.S. citizen data to hostile countries
- The ban will protect U.S. national security by preventing U.S. citizens from becoming mass targets of cyber espionage and foreign influence
The U.S. Department of Justice has final rule published Executive Order 14117, signed by President Joe Biden in February 2024, prevents the transfer of U.S. citizens’ data to some “countries of concern.”
Countries on the list include China (including Hong Kong and Macau), Cuba, Iran, North Korea, Russia and Venezuela, all of which the U.S. Justice Department said have “long-term or serious conduct that harms national interests.” human safety.
It added that these countries could “access and exploit large amounts of sensitive personal data of Americans and certain data related to the U.S. government.”
The United States has no data on hostile countries
The final rule will take effect within 90 days, and Matthew G. Olsen, Assistant Attorney General for the Department of Justice’s National Security Division, said: “This powerful new national security program is designed to ensure that Americans’ personal Data is no longer allowed to be leaked or sold to hostile foreign powers, whether through direct purchase or other commercial access methods. “
The executive order is intended to prevent countries generally hostile to the United States from using U.S. citizens’ data in cyber espionage and influence operations and to build profiles of U.S. citizens for use in social engineering, phishing, extortion and other activities. identity theft Activity.
The final rule sets out thresholds for transactions in materials that present an unacceptable level of risk, as well as different categories of transactions that are prohibited, restricted, or exempted. Companies that violate the order face civil and criminal penalties. Types of prohibited material are:
- Certain covered personal identifiers (for example, name, Social Security number, driver’s license or other government identification number associated with a device identifier)
- Precise geolocation data (e.g., GPS coordinates)
- Biometric identifiers (such as facial images, voiceprints and patterns, and retinal scans)
- Human genome data and three other types of human omics data (epigenome, proteome, or transcriptome)
- Personal health data (such as height, weight, vital signs, symptoms, test results, diagnoses, digital dental records and psychological diagnoses)
- Personal financial information (for example, information related to personal credit cards, debit cards, bank accounts and financial liabilities, including payment history)
The Justice Department also outlined that the final rule does not apply to “medical, health, or scientific research or the development and marketing of new drugs” and “nor does it broadly prohibit U.S. persons from engaging in commercial transactions, including the exchange of financial and other data with countries or persons related to sales.” commercial goods and services, or take steps aimed at the broader decoupling of numerous consumer, economic, scientific, and trade relationships between the United States and other countries.
through Hacker News