The Matrix

If your company transfers sensitive personal data of U.S. individuals to entities or persons associated with certain countries deemed foreign adversaries, two federal programs designed to address national security risks should be on your radar -- the Department of Justice’s Data Security Program (DSP) and the Protecting Americans’ Data from Foreign Adversaries Act (PADFAA). While different, both frameworks address risks of data exploitation by adversarial nations and have significant potential penalties for non-compliance. PADFAA is a law that was enacted in June 2024; the DSP is a DOJ-administered program born from an executive order, and the DOJ has announced that it will begin enforcing the framework on July 8, 2025.

In March 2023, the White House released the National Cybersecurity Strategy, which details the Biden administration’s policy and agency directives to strengthen U.S. cybersecurity across the public and private sectors. Cybersecurity regulations and cybersecurity responses affect both U.S. national security as well as the security and stability of U.S. businesses and individuals. The 2023 National Cybersecurity Strategy replaces the 2018 National Cyber Strategy set forth under the Trump administration and builds on the 2008 Comprehensive National Cybersecurity Initiative set forth under the Obama administration.  

October is National Cybersecurity Awareness month, and the Department of Justice has chosen this month to roll out a new “Civil Cyber-Fraud Initiative.” The announced purpose of the Initiative is to actively pursue cybersecurity-related fraud claims by government contractors and grant recipients.