Navigating the New Cybersecurity Requirements for the DOJ 'Bulk Sensitive Personal Data' Rule

Litigation partners Craig Heeren and Pete Baldwin and government and regulatory associate Charles Westerhaus authored an article for the New York Law Journal, titled “Navigating the New Cybersecurity Requirements for the DOJ ‘Bulk Sensitive Personal Data’ Rule.”

In the article, the authors discuss the DOJ Bulk Data Rule, which permits certain transactions if the U.S. entity involved meets cybersecurity requirements developed by the Department of Homeland Security’s Cybersecurity and Infrastructure Agency (CISA), which were published on Jan. 8, 2025.

The authors also discuss the rule’s “security requirements,” CISA Cybersecurity Requirements and lessons for the business community.

The full article is available to New York Law Journal subscribers.