DOJ Posts New FAQ for the “Bulk Data” Rule
The U.S. Department of Justice (DOJ) “Data Security Program” (DSP), also known as the “Sensitive Data Rule” or “Bulk Data Rule,” has prompted numerous questions about its scope and application.
DOJ issued a list of FAQs in April 2025, which largely restated components of the rule. For the first time since April, DOJ has added an FAQ: “How can I report a possible violation of the DSP by another person?” The answer describes financial rewards and protections for whistleblowers.
On one hand, this does not provide U.S.-based companies with much additional guidance as they determine whether their data practices implicate the DSP and how to achieve compliance. On the other hand, it highlights for companies that employees, contractors, vendors, customers, and others have an incentive to report potential violations – and that companies should scrupulously adhere to guidelines that protect whistleblowers from retaliation.
Although some may be tempted to dismiss the update to DOJ’s FAQs, it is possible that this addition is just the first of more responses to come. DOJ permitted the public to informally submit questions about the DSP through early July, so this first supplemental FAQ could indicate that DOJ has been working through questions and is ready to start publishing responses on a rolling basis. Watch this space for updates.
Print and share
Authors
Notice
Before proceeding, please note: If you are not a current client of Perkins Coie, please do not include any information in this e-mail that you or someone else considers to be of a confidential or secret nature. Perkins Coie has no duty to keep confidential any of the information you provide. Neither the transmission nor receipt of your information is considered a request for legal advice, securing or retaining a lawyer. An attorney-client relationship with Perkins Coie or any lawyer at Perkins Coie is not established until and unless Perkins Coie agrees to such a relationship as memorialized in a separate writing.
Notice
Before proceeding, please note: If you are not a current client of Perkins Coie, please do not include any information in this e-mail that you or someone else considers to be of a confidential or secret nature. Perkins Coie has no duty to keep confidential any of the information you provide. Neither the transmission nor receipt of your information is considered a request for legal advice, securing or retaining a lawyer. An attorney-client relationship with Perkins Coie or any lawyer at Perkins Coie is not established until and unless Perkins Coie agrees to such a relationship as memorialized in a separate writing.
Explore more in
Topics
Perkins on Privacy
Perkins on Privacy keeps you informed about the latest developments in privacy and data security law. Our insights are provided by Perkins Coie's Privacy & Security practice, recognized by Chambers as a leading firm in the field.