Skip to the main content.
Making screening easy for candidates

CVC - Mega Menu-01

With Verified Credentials' mobile-first candidate experience, you meet candidates where it's most convenient. Learn how easy we make it.

See how it works ›

Featured resource

Industry-Trends-Report-01

Learn the latest trends in employment background checks. This report uses real-life usage data to uncover how employers are screening across industries.

Download the full report ›

Verified Credentials is a leading background screening company. Since 1984, we’ve helped validate and secure relationships through the use of our comprehensive screening solutions. We offer a wide variety of background checks, verifications, and innovative screening tools.

Get to know us ›

Accredited background screening solutions

Logo-PBSA-Accreditation-120x98

Our accreditation confirms that our policies, processes, and employee training meet rigorous industry compliance standards.

Learn about our solutions ›

2 min read

Executive Order to Protect Sensitive Bulk Data in the U.S.

President Biden issued Executive Order 14117 on February 28, 2024, to address the threat of certain countries of concern accessing or misusing bulk American sensitive data. As a result, the order directly impacts data handling practices within organizations.

 

The order expands on the 2019 Executive Order 13873, Securing the Information and Communications Technology and Service Supply Chain. The original Executive Order addresses the "unrestricted acquisition or use of information and communications technology by foreign adversaries."

 

What is Executive Order 14117?

The primary goal of Executive Order 14117 is to limit access to Americans' sensitive personal data and US Government-related data to "countries of concern". The order authorizes the Attorney General to prevent the large-scale transfer of Americans' personal data. It notes that the development of artificial intelligence (AI) capabilities and algorithms exacerbates the risks of bulk sensitive data, such as recognizing patterns across multiple unrelated datasets and potentially de-anonymizing data. 

 

Executive Order 14117 restricts access when bulk sensitive data is considered an "unacceptable risk to the national security of the United States". The order defines sensitive data to include:

  • Personal identifiers
  • Geolocation and related sensor data
  • Biometric identifiers
  • Human 'omic data (data generated from humans that characterizes or quantifies human biological molecules or metabolic data)
  • Personal health data
  • Personal financial data
  • Any combination of the above

The order authorizes the Department of Justice (DOJ) to identify foreign governments that are countries of concern based on certain parameters. As of February 28, 2024, the DOJ specified the following countries as countries of concern:

  • China
  • Russia
  • Cuba
  • Iran
  • Venezuela
  • North Korea

The order also directs other federal departments and agencies to act, including promoting new rules and regulations, to curb the flow of "sensitive personal data" to countries of concern. The full text for Executive Order 14117 can be found here.

 

How does this affect employers?

Companies engaged in transactions that include bulk sensitive data or U.S. Government-related data, such as the sale or licensing of such data, can expect new regulations in the future.

 

Executive Order 14117 specifically highlights transactions that can provide unguarded access to Americans' bulk sensitive data such as data brokerages, third-party vendor agreements, employment agreements, and investment agreements. 

 

The DOJ in consultation with other government agencies will be identifying classes of prohibited data transactions, including:  

  • Data-brokerage transactions
  • Transactions involving the transfer of bulk human genomic data or human biospecimens from which human genomic data can be derived

The DOJ will also be considering three classes of restricted data transactions that may affect employers:

  • Vendor agreements (including technology services and cloud-service agreements)
  • Employment agreements
  • Investment agreements

What's next for employers?

This Executive Order is one of several recent regulations implemented as the Federal Government navigates proper precautions for using bulk data and AI safely. The October 2023 Executive Order on the Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence is another example of this ongoing effort. Other details and new state-level regulations to safely guard sensitive data and specify guidelines for the safe use of AI are likely to follow.

 

Employers should review potentially affected agreements and transactions with their legal counsel, especially those related to technology services, cloud solutions, and the use or transfer of bulk sensitive data. Verified Credentials will continue to monitor the development of regulations designed to protect security and data and provide updates as they become available.

Virginia’s New Record Sealing Laws Give a Second Chance to Reformed Individuals

Earlier this year, we covered Kansas City’s efforts to expand employment protections for individuals with criminal histories. Meanwhile, Virginia has...

Read More

Amendments to the Utah Artificial Intelligence Policy Act Explained

Although other states and jurisdictions have implemented laws and regulations to address certain aspects of AI use in business scenarios, Colorado...

Read More

Minneapolis Takes Action to Strengthen Civil Rights Protections

In 2014, Minnesota implemented a “ban the box” law (Minnesota Statute 364.021) to help create a fairer hiring climate for Minnesotans with a criminal...

Read More

Updates to New York’s Data Breach Notification Law Explained

In December 2024, New York Governor Kathy Hochul signed two bills amending the state’s current data breach notification law. Senate Bill S2659B and...

Read More

2024 Report on the Connecticut Data Privacy Act

The Connecticut Data Privacy Act (CTDPA), which took effect in July 2023, is one of the nation’s pioneering consumer privacy laws. The CTDPA...

Read More

U.S. House of Representatives Passes FCRA-Amending Bill: The Comprehensive CREDIT Act of 2020

On January 29, 2020, the United States House of Representatives passed the “Comprehensive Credit Reporting Enhancement, Disclosure, Innovation, and...

Read More