Protecting Americans’ Personal Data: A National Security Imperative

In a month’s time, two branches of the U.S. government have taken significant steps to protect Americans’ personal data from exploitation by adversarial regimes. These measures, although different in approach, share common goals rooted in national security concerns.

President Joe Biden issued Executive Order 14117 on Preventing Access to Americans’ Bulk Sensitive Personal Data and United States Government-Related Data by Countries of Concern. This order aims to safeguard personal data from exploitation by designated “countries of concern.” The Department of Justice subsequently published an advance notice of proposed rulemaking (ANPRM) to implement the order, outlining specific categories of sensitive personal data and transactions that would be restricted.

Additionally, the Department of Commerce released its own ANPRM focusing on information and communications technology (ICT) used in connected vehicles, soliciting input on addressing risks associated with foreign adversaries accessing Americans’ sensitive personal data through these technologies.

In a parallel effort, the House of Representatives passed a bill prohibiting data brokers from making sensitive data of U.S. individuals available to foreign adversary countries.

The national security threat landscape, as outlined by intelligence assessments, highlights the increasing cyber threats posed by countries like China, Russia, Iran, North Korea, Cuba, and Venezuela. These threats underscore the importance of protecting personal data to prevent espionage, cyberattacks, and influence operations.

The executive branch has been utilizing existing legal authorities to address these threats, including the Committee on Foreign Investment in the United States (CFIUS) process and Executive Orders focused on securing the ICT supply chain and assessing foreign participation in the U.S. telecommunications sector.

While these measures represent important steps in protecting personal data, there is a need for a comprehensive national data protection strategy. Such a strategy would involve public and congressional engagement, collaboration with international partners, and the development of federal privacy legislation to establish standardized privacy safeguards nationwide.

Ultimately, the goal is to position the United States as a leader in privacy protection and civil liberties, ensuring that personal data is safeguarded as a national security imperative in an increasingly digital and interconnected world.