Employers Urged To Revisit Existing Privacy Policies Following Executive Order Mandating Protection Of Sensitive Personal Data
Topics: Legal Information, Personnel Policies and Procedures, Privacy
President Biden issued an Executive Order on February 28, 2024 to prevent access to U.S. Citizens’ sensitive personal data and U.S government-related data by countries of concern. This executive order targets data brokers that sell U.S. citizens’ sensitive personal data to entities located in or affiliated with “countries of concern.”
Countries of concern include Iran, North Korea, Russia, China, Cuba, and Venezuela. Sensitive personal data includes genomic data, biometric data, personal health data, geolocation data, financial data, and other types of personally identifiable information. Government-related data includes data linked or linkable to categories of U.S. government personnel and data that could be used to identify U.S. government personnel.
The Executive Order further states that the Department of Justice will work with the Department of Homeland Security to set high-security standards to prevent countries of concern from accessing sensitive personal data.
This new Executive Order will affect businesses across different industries, domestic and abroad. Businesses with an international presence that have dealings with “countries of concern” should review their privacy policies to ensure compliance. Currently, no comprehensive federal privacy law is in place, so this executive order is another legal obligation to be added to various existing privacy laws, including California’s privacy laws.
For employers that do not believe they have an international presence, reasonable due diligence should still be performed to determine whether third parties with access to employee/consumer data have international ties such that sensitive personal data may be transferred to “countries of concern.”
Covered California employers should already have privacy policies in place to comply with CCPA/CPRA. Further modifications to existing privacy policies may be necessary in light of this new executive order.
CDF’s Privacy Practice Group will continue to monitor the latest developments related to the CCPA, the CPRA, and the Agency’s enforcement actions. Please contact a member of CDF's Privacy Practice Group (Dan Forman, Dalia Khatib, or Linda Wang) to discuss compliance with any government investigation or questions about the CCPA & CPRA. Our Privacy Practice Group is available to assist employers with policies, notices, and general compliance.