Could your routine data transfers now violate federal law? The DOJ’s new Data Security Program (DSP) targets the flow of U.S. sensitive personal and government data to foreign adversaries — and the clock is ticking. In this episode of Corruption, Crime and Compliance, Michael Volkov breaks down the Justice Department’s sweeping new Data Security Program, enacted under Executive Order 14117 and finalized in January 2025.

You’ll hear him discuss:

• The origins of the DSP, created through Executive Order 14117 under the Trump Administration, and the key national security concerns it addresses.
• What constitutes a “covered data transaction” and the thresholds for U.S. personal and government data that trigger compliance obligations.
• The list of “countries of concern” and what it means for companies doing business with entities tied to these regions.
• The types of U.S. data covered by the DSP, including biometric, genomic, financial, and geolocation data, and the specific quantity thresholds that trigger restrictions.
• Why data brokerage and bulk human genomic data transactions are prohibited outright, raising new compliance challenges for affected industries.
• How “restricted transactions” like cloud computing services and vendor agreements are subject to conditional exceptions under the DSP.
• The critical actions U.S. companies must take during the 90-day enforcement hiatus, including vendor assessments, renegotiations, and compliance system updates before the July 8th deadline.

Resources

Michael Volkov on LinkedIn | Twitter

The Volkov Law Group