Photo of David Peloquin

On April 11, 2025, the Department of Justice (“DOJ”) released additional detail regarding the Final Rule implementing former President Biden’s Executive Order 14117, “Preventing Access to Americans’ Bulk Sensitive Personal Data and United States Government-Related Data by Countries of Concern” (the “Final Rule”), which went into effect on April 8, 2025. The release included additional

Today, the Department of Justice’s (“DOJ”) Final Rule implementing former President Biden’s Executive Order 14117, “Preventing Access to Americans’ Bulk Sensitive Personal Data and United States Government-Related Data by Countries of Concern” (the “Final Rule”) took effect.

Earlier this year, Ropes & Gray published an alert providing an overview of the Final Rule, material changes

In an International Association of Privacy Professionals (IAPP) article, health care partner David Peloquin and data, privacy and cybersecurity associate Jake Barr along with Legend Biotech Chief Privacy Officer and Assistant General Counsel Corey Dennis discuss the landmark rule limiting sensitive data transfers to “countries of concern.” The article reviews key aspects for health care

On January 8, 2025, the Department of Justice (“DOJ”) published its Final Rule to implement President Biden’s Executive Order 14117, “Preventing Access to Americans’ Bulk Sensitive Personal Data and United States Government-Related Data by Countries of Concern” (the “Final Rule”). This follows the DOJ’s publication of its Notice of Proposed Rulemaking (“NPRM”) in October 2024

On October 29, 2024, the Department of Justice (“DOJ”) published its Notice of Proposed Rulemaking (“NPRM”) to implement President Biden’s Executive Order 14117, “Preventing Access to Americans’ Bulk Sensitive Personal Data and United States Government-Related Data by Countries of Concern.” This follows the DOJ’s publication of its Advance Notice of Proposed Rulemaking earlier this year. 

On April 24, President Biden signed a sweeping foreign aid bill into law, which included a critical provision covering privacy and data transfers known as the Protecting Americans’ Data from Foreign Adversaries Act (“PADFA”). This Act is separate from the TikTok divestment portion of the legislation, which has received far greater attention in the press. 

In a Bloomberg Law article, attorneys examined Washington State’s comprehensive new privacy law, the My Health My Data Act, the first state law that specifically safeguards consumer health data.

The article discusses the new law’s scope, applicability, and ensuing company obligations. The Act will apply to many life sciences companies, pharmaceutical and device

On February 28, 2024, President Biden announced an Executive Order directing the Department of Justice to promulgate regulations that restrict or prohibit transactions involving certain bulk sensitive personal data or United States Government-related data and countries of concern or covered persons. The DOJ’s initially identified countries are China (including Hong Kong and Macau), Russia, Iran

On December 20, 2023, the National Institute of Standards and Technology (“NIST”) National Cybersecurity Center of Excellence (“NCCoE”) published its Cybersecurity of Genomic Data report (the “Report”).  The Report aims to assist organizations in protecting against misuse of genomic data and enabling secure collaborative innovations.  Note, however, that the Report is not authoritative with respect to its assessment of the treatment of genomic data under the current U.S. regulatory framework, including with respect to the identifiability of such information.Continue Reading NIST Cybersecurity Center of Excellence – Cybersecurity of Genomic Data Report