Hi, readers of HackingBlogs
To prevent foreign adversaries from gaining access to Americans’ private information, the United States has just launched a significant data security effort. What it implies, why it matters, and what you need to know quickly are all explained in this post.
🚨 What’s the Problem?
China, Russia, and Iran have been able to obtain the most private information about Americans for years. We are discussing more than just hacking. These nations have been lawfully purchasing data or putting pressure on foreign businesses to hand it over.
This is the risk:
- They have the ability to spy on Americans and the American government.
- Steal financial information, military secrets, or technology.
- Create effective AI and surveillance tools using our data.
- Use misinformation or hacks to target Americans.
“If you’re a foreign adversary, why would you go through the trouble of complicated cyber intrusions and theft to get Americans’ data when you can just buy it on the open market or force a company under your jurisdiction to give you access? The Data Security Program makes getting that data a lot harder.”
said Deputy Attorney General Todd Blanche
What’s the Government Doing About It?
The Justice Department has introduced a new Data Security Program to fight this. It was formally launched on April 8, 2025, with the goal of preventing foreign adversaries from gaining access to private American information. Put an end to certain relationships and transactions that threaten national security. Ensure that businesses are aware of who controls their data and where it goes.
Who’s Behind This?
“If you’re a foreign adversary, why hack when you can just buy data?”
Deputy Attorney General Todd Blanche
The Justice Department’s National Security Division (NSD) administers the program, which is a component of larger American initiatives to:
- Implement America First’s investment strategy.
- Address emerging risks in the Annual Threat Assessment for 2025.
- Maintain the national interests specified in Executive Order 13873.
What Does the Data Security Program Actually Do?
The program protects sensitive data categories such as:
- Geolocation Data (e.g., where your phone has been)
- Genomic Data (your DNA or health-related genetic info)
- Financial Information
- Health Records
- Government-related Data
- Biometric Data (facial recognition, fingerprints, etc.)
The application functions similarly to data export controls. This policy prevents foreign adversaries or anybody under their control from accessing sensitive data, much like we do when we limit the export of military equipment.
It covers foreign enterprises doing business in or with the United States, U.S. corporations and persons, and any transactions involving sensitive U.S. data.
What to Do During the 90-Day Grace Period
The goal is on helping firms in changing, not penalizing them, from April 8 to July 8, 2025. Companies will not be subject to enforcement actions during this period as long as they are operating in good faith.
During this 90-day period, NSD encourages the public to contact NSD at nsd.firs.datasecurity@usdoj.gov with informal inquires or information about the DSP and the guidance NSD has released. Although NSD may not be able to respond to every inquiry, NSD will use its best efforts to respond consistent with available resources, and any inquiries or information submitted may be used to develop and refine future guidance.
Now is your time to get ready. Throughout these ninety days, the Justice Department pushes Examining your business’s data-sharing procedures, Revising agreements, Internally auditing the flow and access of data, Educating employees on compliance, Making contact with NSD with queries or issues
