Source URL: https://www.theregister.com/2024/10/21/us_crackdown_data_brokers/
Source: The Register
Title: US moves ahead with crackdown on data brokers selling to six ‘countries of concern’
Feedly Summary: Biden’s Executive Order finally getting its day in the sun, soonish
The US federal government is poised to implement an Executive Order that would ban data brokers selling significant amounts of information to buyers in six countries.…
Summary: The US federal government is moving forward with an Executive Order to restrict data sales to certain countries, aiming to protect sensitive personal information of citizens. This initiative highlights significant implications for compliance with privacy regulations and data governance, especially for professionals in security and data management.
Detailed Description: The Executive Order issued by President Biden represents a considerable shift in how personal data can be managed and shared in the context of national security and privacy. It establishes stringent guidelines concerning the handling of sensitive personal data by US companies, particularly in relation to data processing by organizations partly owned by designated “countries of concern.” Here are the key points:
– **Targeted Countries**: The regulation primarily affects data sales to countries identified as “unfriendly,” including China, Cuba, Iran, North Korea, Russia, and Venezuela.
– **Empowered Authorities**: The Department of Justice (DoJ) has been granted authority to enforce these restrictions, ensuring compliance through oversight and potential sanctions.
– **Defined Thresholds**:
  – Entities must not sell or process data if they exceed certain thresholds for various types of personal data, which include:
    – Financial data on over 10,000 individuals
    – Health data on over 10,000 individuals
    – Geolocation data on over 1,000 devices
    – Genomic data on over 100 individuals
    – Biometric identifiers on over 1,000 individuals
    – Identifiers touching on broader categories affecting over 100,000 individuals
– **Prohibitions and Compliance**: Companies will be barred from engaging in data processes that breach these thresholds, notably if interactions involve foreign ownership or employees residing in the countries listed.
– **Exceptions**: There are exemptions for government-related activities, basic telecommunications services, and certain routine business processes (e.g., payroll). Instances of harmless personal communications that do not hold significant value also fall outside the regulation’s purview.
– **Path to Better Data Protection**: While these measures signify progress in protecting US citizens’ data, they are part of a longer journey toward comprehensive national privacy legislation, which remains a debated topic.
– **Implications for Security Professionals**:
  – The restrictions necessitate robust compliance frameworks within organizations that process large datasets to prevent breaches and audits by the DoJ.
  – There may be increased scrutiny on data practices and the potential need for new policies or procedures to ensure that data handling meets the new regulatory requirements.
This Executive Order underscores the growing importance of data governance and privacy practices in the current political climate, making it essential for professionals in AI, cloud, and infrastructure security to stay informed and prepared for compliance with evolving regulations.