BarbriSFCourseDetails
  1. keyboard_arrow_leftBack

Course Details

Course Information
  • smart_display Format

    Live Online with Live Q&A

  • signal_cellular_alt Difficulty Level

    Intermediate

  • work Practice Area

    Cybersecurity and Data Privacy

Date & Time
  • event Date

    Wednesday, April 2, 2025

  • schedule Time

    1:00 p.m. ET./10:00 a.m. PT

  • timer Program Length

    90 minutes

Credit Information

  • This 90-minute webinar is eligible in most states for 1.5 CLE credits.

$297.00

This CLE webinar will provide an overview of the final rule recently issued by the National Security Division of the Department of Justice (DOJ) restricting the transfer of bulk sensitive personal and government-related data to certain countries of concern, including the People’s Republic of China. The panel will also revisit the Protecting Americans' Data From Foreign Adversaries Act of 2024 (PADFAA), which took effect in June 2024. The panel will discuss the scope, applicability, and practical implications of these new laws and will provide guidance on actions companies need to take now to ensure compliance.

Faculty

Peloquin David
Shareholder
Ropes & Gray

Mr. Peloquin advises clients on a wide range of legal and regulatory issues in the area of clinical research and related activities. He counsels academic medical centers, life sciences companies, information technology companies and other clients that sponsor, support and conduct research. With a broad client base and knowledge of a range of laws and regulations, from the Common Rule and FDA regulations, to HIPAA and GDPR, to state and federal fraud and abuse laws—Mr. Peloquin offers clients clear, practical advice on how the complex legal landscape intersects with an array of research activities. In addition to his advisory work, Mr. Peloquin collaborates with the private equity group to conduct regulatory diligence of clinical research investments and works with the firm’s litigation practice on government and civil investigations involving clinical research. He speaks and writes frequently on issues in healthcare law and data privacy.

expand_circle_down Expand to View Full Bio expand_circle_up Collapse Bio
Whitkin Elizabeth
Shareholder
Ropes & Gray

Ms. Whitkin advises health care industry clients, including hospitals, long-term care providers, laboratories, pharmacies, biotechnology companies and health systems, on a variety of regulatory and compliance matters, including state licensing, Medicare enrollment, HIPAA, and compliance with federal and state fraud and abuse laws. She also provides advice on complex transactional matters for health care organizations and private equity firms.

expand_circle_down Expand to View Full Bio expand_circle_up Collapse Bio

Description

On Jan. 8, 2025, the DOJ issued its groundbreaking new rule establishing a data security regime based on national security policy with the DOJ as the critical regulator of data transfers. Most provisions of the rule take effect Apr. 8, 2025, with certain due diligence, audit, and reporting obligations taking effect on Oct. 6, 2025.

The rule prohibits certain data brokerage transactions and certain transactions involving human 'omic data and includes significant civil and criminal penalties for violations. The rule also creates a set of restricted transactions involving vendor agreements, employment agreements, or investment agreements in which U.S. persons may engage only if they comply with a set of cybersecurity and compliance-related requirements. There are also specifically defined exempted transactions to which the prohibitions and restrictions do not apply.

PADFAA, effective June 23, 2024, prohibits data brokers from transferring personally identifiable sensitive data to certain named foreign adversary countries, and any entity controlled by certain foreign adversaries. The law includes broad definitions of the terms "data brokers," "personally identifiable sensitive data," and "controlled by a foreign adversary," which means the law applies to a wide range of companies and it also includes steep civil penalties for violations.

Listen as our expert panel from Ropes & Gray reviews these changes in the federal government's approach to cross-border data transfers. The panel will also provide guidance for assessing the applicability of these new rules to a client's business and how to navigate compliance under this new data transfer framework.

Outline

  1. Overview: current federal landscape regarding data use practices
  2. DOJ's new rule restricting cross-border data transfers
    • Important definitions
    • Prohibited transactions
    • Restricted transactions
    • Exempt transactions
    • Recordkeeping
    • Penalties
  3. Protecting Americans' Data From Foreign Adversaries Act of 2024 (PADFAA)
    • Definitions
    • Unlawful activities
    • Exceptions
  4. Comparing the compliance obligations of the DOJ's new rule and PADFAA
  5. Comparing the treatment of data brokers under the DOJ Rule and PADFAA with obligations under certain state laws
  6. Implications for businesses
  7. Actions businesses need to take now to ensure compliance
  8. Practitioner pointers and key takeaways

Benefits

The panel will review these and other key considerations:

  • What are the key definitions and provisions of the DOJ's new rule and PADFAA?
  • What are the practical implications of these new laws for businesses?
  • How will these new laws be enforced and what are the penalties for violations?
  • What steps should organizations take to come into compliance with these new data transfer laws?