Ropes & Gray’s health care partner, David Peloquin, spoke with Bloomberg Law on the additional DOJ instructions regarding the Biden-era Executive Order 14117. DOJ has provided clarity surrounding the effective date for enforcement, with a promise to delay any enforcement efforts until July 8 for companies that show “good faith efforts to comply.” David
On April 11, 2025, the Department of Justice (“DOJ”) released additional detail regarding the Final Rule implementing former President Biden’s Executive Order 14117, “Preventing Access to Americans’ Bulk Sensitive Personal Data and United States Government-Related Data by Countries of Concern” (the “Final Rule”), which went into effect on April 8, 2025. The release included additional
Today, the Department of Justice’s (“DOJ”) Final Rule implementing former President Biden’s Executive Order 14117, “Preventing Access to Americans’ Bulk Sensitive Personal Data and United States Government-Related Data by Countries of Concern” (the “Final Rule”) took effect.
Earlier this year, Ropes & Gray published an alert providing an overview of the Final Rule, material changes
On January 8, 2025, the Department of Justice (“DOJ”) published its Final Rule to implement President Biden’s Executive Order 14117, “Preventing Access to Americans’ Bulk Sensitive Personal Data and United States Government-Related Data by Countries of Concern” (the “Final Rule”). This follows the DOJ’s publication of its Notice of Proposed Rulemaking (“NPRM”) in October 2024
Cybersecurity and national security collided in significant ways in 2024, with governments and private-sector entities grappling with the legal, technical, and policy challenges of a rapidly evolving cyber landscape. Offensive cyber operations, questions of foreign ownership of social media companies, and the balance of power between the Executive and Legislative branches are just a few of the pressing issues shaping the modern landscape. OAs governments and private entities grapple with these challenges, the legal frameworks governing cybersecurity are evolving rapidly, offering both opportunities and risks for practitioners.Continue Reading Deck the Halls with Cyber Walls: Navigating National Security in the Digital Age
On April 24, President Biden signed a sweeping foreign aid bill into law, which included a critical provision covering privacy and data transfers known as the Protecting Americans’ Data from Foreign Adversaries Act (“PADFA”). This Act is separate from the TikTok divestment portion of the legislation, which has received far greater attention in the press.
On February 28, 2024, President Biden announced an Executive Order directing the Department of Justice to promulgate regulations that restrict or prohibit transactions involving certain bulk sensitive personal data or United States Government-related data and countries of concern or covered persons. The DOJ’s initially identified countries are China (including Hong Kong and Macau), Russia, Iran
On this episode of the R&G Tech Studio, litigation & enforcement partner Ama Adams, who’s also the managing partner of Ropes & Gray’s Washington, D.C. office, sits down with data, privacy & cybersecurity partner Fran Faircloth to discuss how she helps clients bridge the gap between ongoing national security concerns and the rapidly evolving
On March 15, 2022, President Biden signed into law significant new federal data breach reporting legislation that could vastly expand data breach notice requirements far beyond regulated entities or entities processing personal data. Unceremoniously tucked as Division Y into the H.R. 2471 Consolidated Appropriations Act, 2022, the Cyber Incident Reporting for Critical Infrastructure Act of
Anxiety is running high as a result of Russia’s invasion of Ukraine, particularly in cybersecurity circles. The 2017 NotPetya attack was a Russian cyber-weapon fired at the Ukraine. In 2017, NotPetya spread to FedEx, Maersk, Merck, and several other companies, and it would be naïve not to expect a spillover from the 2022 attack. Indeed, a barrage of similar “wipers” has already been fired in 2022, and reports are circulating that some computers in Lithuania have been impacted.
Many cyber-weapons are delivered through phishing attacks, and companies can take three important steps to help prevent these attacks:
Continue Reading The Ukrainian Cybersecurity Spillover Problem