INFOGRAPHIC

Data Security Program Cheat Sheet

This resource provides an overview of the U.S. Data Security Program, which establishes controls to prevent foreign adversaries from accessing sensitive U.S. data.

Published: 3 July 2025

View PDF

The U.S. Department of Justice's final rule on protecting Americans' sensitive data took effect on 8 April 2025. The Data Security Program was adopted pursuant to Executive Order 14117 and is implemented by the DOJ's National Security Division. The DSP establishes controls to prevent foreign adversaries, and those subject to their control and direction, from accessing bulk U.S. sensitive personal data and U.S. government-related data.

This cheat sheet provides an overview of the DSP. The IAPP additionally published this article on preparing for the DSP.

CPE credit badge

This content is eligible for Continuing Professional Education credits. Please self-submit according to CPE policy guidelines.

Submit for CPEs

Contributors:

Jim Dempsey

Lecturer, UC Berkeley Law; Managing Director, Cybersecurity Law Center, IAPP

Cheryl Saniuk-Heinig

Former research and insights analyst, IAPP

CIPP/E, CIPP/US, CIPM

Tags:

Data securityIncident managementProgram managementRisk managementGovernmentTechnologyFinance and bankingCybersecurity law
INFOGRAPHIC

Data Security Program Cheat Sheet

This resource provides an overview of the U.S. Data Security Program, which establishes controls to prevent foreign adversaries from accessing sensitive U.S. data.

Published: 3 July 2025

View PDF

Contributors:

Jim Dempsey

Lecturer, UC Berkeley Law; Managing Director, Cybersecurity Law Center, IAPP

Cheryl Saniuk-Heinig

Former research and insights analyst, IAPP

CIPP/E, CIPP/US, CIPM

The U.S. Department of Justice's final rule on protecting Americans' sensitive data took effect on 8 April 2025. The Data Security Program was adopted pursuant to Executive Order 14117 and is implemented by the DOJ's National Security Division. The DSP establishes controls to prevent foreign adversaries, and those subject to their control and direction, from accessing bulk U.S. sensitive personal data and U.S. government-related data.

This cheat sheet provides an overview of the DSP. The IAPP additionally published this article on preparing for the DSP.

CPE credit badge

This content is eligible for Continuing Professional Education credits. Please self-submit according to CPE policy guidelines.

Submit for CPEs

Tags:

Data securityIncident managementProgram managementRisk managementGovernmentTechnologyFinance and bankingCybersecurity law

Related resources

IAPP Global Legislative Predictions 2026

RESOURCE ARTICLE

Data Governance Act: Mapping the Interplays with the GDPR

INFOGRAPHIC

AI Governance Vendor Report 2026

REPORT

US State Privacy Legislation Tracker

TOOLS AND TRACKERS