October 6: The Day U.S. Data Security Rules Get Real

US Department of JusticeData SecurityTechnology Risk ManagementIRM
Written By Samantha "Sam" Jones

Today marks a turning point for every organization that handles large volumes of U.S. personal or government-related data. The Department of Justice’s Data Security Program (DSP), authorized under Executive Order 14117, officially moves from guidance to enforcement. Starting October 6, 2025, companies that share sensitive U.S. data with foreign partners must have a written compliance program in place or face potential penalties. The rule is designed to stop bulk transfers of Americans’ sensitive information to countries that the U.S. deems national security risks.

Samantha "Sam" Jones

Samantha “Sam” Jones is the lead research analyst for the IRM Navigator™ series and a core contributor to The RiskTech Journal and The RTJ Bridge. As a digital editorial analyst, she specializes in interpreting vendor strategy, market evolution, and the convergence of technology with enterprise risk practices.

As part of Wheelhouse’s AI-enhanced advisory team, Sam applies advanced analytical tooling and editorial synthesis to help decode the structural changes shaping the risk management landscape.

Sign up to read this post
Join Now
Previous

Petri and the Rise of Autonomous Risk Auditing
Next

Executive Comparison of AI Governance Frameworks for Risk & Compliance