The Software & Information Industry Association (SIIA) has submitted comments on the Department of Justice’s proposed rules for implementing Executive Order 14117, aimed at preventing unauthorized access to Americans’ sensitive personal and government-related data by foreign adversaries. While SIIA recognizes the importance of the order’s goals, it highlights several areas needing refinement to avoid unintended consequences. Key concerns include the overly broad definition of “bulk sensitive data,” the inclusion of anonymized and encrypted data under its scope, and ambiguities surrounding terms like “data brokerage” and “covered persons.”

SIIA also urges the Department to align definitions and requirements with existing U.S. state and federal privacy laws to reduce compliance burdens and prevent regulatory confusion. Recommendations include clearer definitions of key terms, exemptions for privacy-protective practices such as anonymization, and practical approaches to diligence requirements. These measures, SIIA emphasizes, will help safeguard sensitive data while ensuring clarity and feasibility for businesses seeking to comply in good faith.