Saddle Up, Montana: Original 2024 State Privacy Laws Get a Makeover in 2025
Montana implemented the Montana Consumer Data Privacy Act (MCDPA) on October 1, 2024. The law regulates businesses that produce products or services...
With Verified Credentials' mobile-first candidate experience, you meet candidates where it's most convenient. Learn how easy we make it.
|
Now offering DOT services!Get your drivers on the road quickly and meet DOT regulations. |
Gain clarity about your compliance responsibilities with our new Adverse Action Guide! Use the interactive map to learn what regulations apply in your area.
Verified Credentials is a leading background screening company. Since 1984, we’ve helped validate and secure relationships through the use of our comprehensive screening solutions. We offer a wide variety of background checks, verifications, and innovative screening tools.
Our accreditation confirms that our policies, processes, and employee training meet rigorous industry compliance standards.
2 min read
Verified Credentials Mar 7, 2024 12:00:00 AM
President Biden issued Executive Order 14117 on February 28, 2024, to address the threat of certain countries of concern accessing or misusing bulk American sensitive data. As a result, the order directly impacts data handling practices within organizations.
The order expands on the 2019 Executive Order 13873, Securing the Information and Communications Technology and Service Supply Chain. The original Executive Order addresses the "unrestricted acquisition or use of information and communications technology by foreign adversaries."
The primary goal of Executive Order 14117 is to limit access to Americans' sensitive personal data and US Government-related data to "countries of concern". The order authorizes the Attorney General to prevent the large-scale transfer of Americans' personal data. It notes that the development of artificial intelligence (AI) capabilities and algorithms exacerbates the risks of bulk sensitive data, such as recognizing patterns across multiple unrelated datasets and potentially de-anonymizing data.
Executive Order 14117 restricts access when bulk sensitive data is considered an "unacceptable risk to the national security of the United States". The order defines sensitive data to include:
The order authorizes the Department of Justice (DOJ) to identify foreign governments that are countries of concern based on certain parameters. As of February 28, 2024, the DOJ specified the following countries as countries of concern:
The order also directs other federal departments and agencies to act, including promoting new rules and regulations, to curb the flow of "sensitive personal data" to countries of concern. The full text for Executive Order 14117 can be found here.
Companies engaged in transactions that include bulk sensitive data or U.S. Government-related data, such as the sale or licensing of such data, can expect new regulations in the future.
Executive Order 14117 specifically highlights transactions that can provide unguarded access to Americans' bulk sensitive data such as data brokerages, third-party vendor agreements, employment agreements, and investment agreements.
The DOJ in consultation with other government agencies will be identifying classes of prohibited data transactions, including:
The DOJ will also be considering three classes of restricted data transactions that may affect employers:
This Executive Order is one of several recent regulations implemented as the Federal Government navigates proper precautions for using bulk data and AI safely. The October 2023 Executive Order on the Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence is another example of this ongoing effort. Other details and new state-level regulations to safely guard sensitive data and specify guidelines for the safe use of AI are likely to follow.
Employers should review potentially affected agreements and transactions with their legal counsel, especially those related to technology services, cloud solutions, and the use or transfer of bulk sensitive data. Verified Credentials will continue to monitor the development of regulations designed to protect security and data and provide updates as they become available.
Montana implemented the Montana Consumer Data Privacy Act (MCDPA) on October 1, 2024. The law regulates businesses that produce products or services...
For a second time this year, the state of Washington has enacted efforts to create a fair hiring landscape for Washingtonians. We previously covered ...
A bill to legalize medical marijuana in Kentucky has been in the queue for quite some time, but it was not until earlier this year that the...
The Connecticut Data Privacy Act (CTDPA), which took effect in July 2023, is one of the nation’s pioneering consumer privacy laws. The CTDPA...
In December 2024, New York Governor Kathy Hochul signed two bills amending the state’s current data breach notification law. Senate Bill S2659B and...
Montana has joined the growing list of consumer data privacy laws enacted throughout the country, creating new guidelines for consumer data privacy. ...