DOJ’s Data Security Program: Complying with Administrative, Audit, and Technical Requirements of the “Bulk Data Rule”

DOJ’s Data Security Program, also known as the “Bulk Data Rule,” imposes a range of recordkeeping and auditing requirements on U.S. companies that engage in “restricted transactions” under the Bulk Data Rule. 

DOJ also incorporates technical security requirements issued by the Cybersecurity & Infrastructure Security Agency (CISA). David Aaron and Sarah Grant were joined by Josh Larocca of Stroz Friedberg to discuss designing and implementing compliance programs that satisfy DOJ and CISA requirements.