How to Comply with the Bulk Data Rule for Restricted Transactions

To register for the upcoming live webinar, please Click Here

This follow?on CLE builds on National Security & Data Privacy: Complying with the Bulk Data Rule and the New Data Security Program and focuses on the most practical compliance question attorneys face under Executive Order 14117 and the DOJ’s Data Security Program (28 C.F.R. Part 202): how organizations can lawfully engage in restricted transactions.

While some data transfers are prohibited outright, many common business activities—including vendor arrangements, employment relationships, cloud services, and internal data access—are classified as restricted transactions and permitted only if specific security safeguards are implemented.

With DOJ enforcement now fully active and grace periods expired, lawyers must be prepared to advise not only on risk identification, but on how compliance is achieved and demonstrated.

This program provides a practical roadmap for identifying restricted transactions, understanding required security controls, and advising clients on defensible compliance strategies, drawing on regulatory text, DOJ and CISA guidance, and real?world examples.

Topics Covered:

• Overview of the Bulk Data Rule as it applies to restricted transactions
• Sensitive data categories and bulk thresholds
• Distinguishing prohibited vs. restricted transactions
• Required security controls under the Data Security Program
• The role of CISA security standards and guidance Practical compliance and documentation considerations

Learning Objectives:

• After completing this program, participants will be able to:
• Identify when a transaction qualifies as “restricted” under the Bulk Data Rule
• Explain the security controls required for lawful restricted transactions
• Evaluate common business arrangements for compliance risk
• Advise clients on documenting and defending compliance in an enforcement environment

Intended Audience - This program is designed for attorneys practicing in privacy, cybersecurity, national security, technology, corporate, employment, and regulatory compliance, as well as in?house counsel overseeing data governance and risk.

To register for the upcoming live webinar, please Click Here