Gibson Dunn Announces Task Force to Help Clients Navigate DOJ’s Sensitive Personal Data Regulations
Client Alert | July 31, 2025
Gibson Dunn is pleased to announce its DOJ Data Security Program Task Force—a cross-disciplinary team designed to help clients understand and comply with the U.S. Department of Justice’s (DOJ) new regulatory framework: the Data Security Program (DSP). Under rules issued by the DOJ’s National Security Division (NSD), this framework restricts access to bulk U.S. sensitive personal data and U.S. government-related data and affects a broad range of U.S. businesses—particularly those that collect, process, transfer, or grant access to such data through relationships with foreign vendors, investors, partners, or service providers.
The Task Force brings together seasoned lawyers from Gibson Dunn’s market-leading National Security, White Collar Defense and Investigations, Cybersecurity, International Trade, and Corporate Governance Practice Groups. This integrated team offers clients comprehensive, practical counsel on how to identify, assess, and manage potential legal obligations and compliance risks under the DSP.
“As the federal government sharpens its focus on the protection of sensitive personal and government data, companies must be prepared to meet new and evolving compliance obligations,” said Vivek Mohan, a Task Force member who Co-Chairs the Artificial Intelligence Practice Group and is a member of the Privacy, Cybersecurity, and Data Innovation Practice Group. “At its core, the DSP reflects a new paradigm for regulating access to data under U.S. law—subjecting globally integrated companies to U.S. national security scrutiny and exposing businesses to potential civil or criminal penalties if risks are not properly assessed and managed. Our Task Force is uniquely positioned to provide strategic, actionable guidance that addresses these challenges while aligning with overlapping obligations under domestic and international privacy, security, and trade frameworks.”
Stephenie Gosnell Handler, a Task Force member and Partner in the International Trade and Privacy, Cybersecurity, and Data Innovation Practice Groups, added: “The DOJ’s new Sensitive Data Regulations create a complex, high-stakes compliance environment for businesses that handle large volumes of personal data or work with the U.S. government. These rules are a regulatory chimera—adapting concepts from export controls, CFIUS, sanctions, cybersecurity, and data protection laws in a manner intended to achieve national security objectives and carrying significant enforcement implications. Our Data Security Program Task Force is designed to help clients cut through that complexity. We bring together regulatory depth, investigative insight, and real-world experience to help companies build durable, defensible compliance strategies that align with DOJ expectations and global data regimes.”
Gibson Dunn’s Data Security Program Task Force includes former senior government officials, former in-house legal department leaders, and experienced white collar defense counsel. The team is equipped to advise on:
- Assessing exposure to DOJ data security regulations;
- Implementing compliance frameworks and policies aligned with DOJ expectations;
- Managing competing obligations under U.S. and international data protection regimes;
- Advising senior leadership on their oversight and management responsibilities;
- Responding to DOJ inquiries and enforcement actions; and
- Demonstrating proactive compliance posture to regulators and stakeholders.
The Task Force underscores Gibson Dunn’s ongoing commitment to helping clients navigate complex legal environments with forward-thinking, multidisciplinary solutions. For more information, please visit DOJ Data Security Program Task Force, or feel free to contact any member of the team:
David P. Burns – Washington, D.C.
(+1 202.887.3786, dburns@gibsondunn.com):
David is a litigation partner and co-chair of the firm’s National Security Practice Group, and a member of the White Collar and Investigations and Crisis Management practice groups. His practice focuses on white-collar criminal defense, internal investigations, national security, and regulatory enforcement matters. David represents corporations and executives in federal, state, and regulatory investigations involving securities and commodities fraud, sanctions and export controls, theft of trade secrets and economic espionage, the Foreign Agents Registration Act, accounting fraud, the Foreign Corrupt Practices Act, international and domestic cartel enforcement, health care fraud, government contracting fraud, and the False Claims Act.
Mellissa Campbell Duru – Washington, D.C.
(+1 202.955.8204, mduru@gibsondunn.com):
Mellissa is a corporate partner and a member of the firm’s Securities Regulation and Corporate Governance Practice Group. Prior to joining Gibson Dunn, Mellissa served as Deputy Director of the Division of Corporation Finance’s Legal Regulatory Policy group at the U.S. Securities and Exchange Commission (SEC). As Deputy Director, Mellissa oversaw transactional filings, rules, interpretative guidance, and exemptive and no-action relief requests within the Division of Corporation Finance’s Office of Mergers & Acquisitions, Office of International Corporation Finance, Office of Small Business Policy, Office of Rulemaking, and Office of Structured Finance.
Melissa Farrar – Washington, D.C.
(+1 202.887.3579, mfarrar@gibsondunn.com):
Melissa is a partner and member of the firm’s White Collar Defense and Investigations Practice Group. Melissa represents and advises multinational corporations in internal and government investigations on a wide range of topics, including the U.S. Foreign Corrupt Practices Act, the False Claims Act, anti-money laundering, export controls compliance, and accounting and securities fraud, including defending U.S. and global companies in civil and criminal investigations pursued by the DOJ and the SEC. Melissa also routinely counsels corporations on the design and implementation of their corporate ethics and compliance programs. She frequently leads corporate compliance program assessments and has experience in all areas of corporate compliance, including policy and procedure and code of conduct development, program governance and structure design, risk assessment planning and implementation, and the conduct of internal investigations, among others.
Stephenie Gosnell Handler – Washington, D.C.
(+1 202.955.8510, shandler@gibsondunn.com):
Stephenie is a partner and member of the International Trade and Privacy, Cybersecurity, and Data Innovation practices. She advises clients on complex legal, regulatory, and compliance issues relating to international trade, cybersecurity, and technology matters. Stephenie ’s legal advice is deeply informed by her operational cybersecurity and in-house legal experience at McKinsey & Company, and also by her active duty service in the U.S. Marine Corps. Stephenie returned to Gibson Dunn as a partner after serving as Director of Cybersecurity Strategy and Digital Acceleration at McKinsey & Company, where she led development of the firm’s cybersecurity strategy and advised senior leadership on public policy and geopolitical trends relating to cybersecurity, technology, and data.
Vivek Mohan – Palo Alto
(+1 650.849.5345, vmohan@gibsondunn.com):
Vivek is a partner and Co-Chair of the top-ranked Artificial Intelligence practice and a core member of the Privacy, Cybersecurity and Data Innovation practice. Vivek advises clients on legal, regulatory, compliance, and policy issues on a global scale with a focus on cutting-edge technology issues. His practice spans counseling, regulatory response, incident response, advocacy, and transactional matters, allowing him to provide clients with strategic advice whether they are developing a new product or service, responding to a regulatory inquiry, setting up a privacy program, responding to a data breach, or negotiating a complex agreement. Vivek previously worked at Apple Inc., where he was head of information security law and a leader of the company’s global privacy law & policy team and was responsible for privacy and security legal issues associated with the company’s products, services, and corporate infrastructure.
F. Joseph Warin – Washington, D.C.
(+1 202.887.3609, fwarin@gibsondunn.com):
F. Joseph Warin is chair of the 250-person Litigation Department in Washington, D.C. and co-chair of the firm’s global White Collar Defense and Investigations Practice Group. Mr. Warin’s practice includes representation of corporations in complex civil litigation, white collar crime, and regulatory and securities enforcement – including Foreign Corrupt Practices Act investigations, False Claims Act cases, special committee representations, compliance counseling and class action civil litigation. Mr. Warin has handled cases and investigations in more than 40 states and dozens of countries involving federal regulatory inquiries, criminal investigations, and cross-border inquiries by dozens of international enforcers. He is the only person ever to serve as a compliance monitor or counsel to the compliance monitor in three separate FCPA monitorships, pursuant to settlements with the SEC and DOJ.
Contributing Associates:
Christine A. Budasoff – Washington, D.C. (+1 202.955.8654, cbudasoff@gibsondunn.com)
Kyle D. Clendenon – Houston (+1 346.718.6641, kclendenon@gibsondunn.com)
Hugh N. Danilack – Washington, D.C. (+1 202.777.9536, hdanilack@gibsondunn.com)
Amanda Estep – Palo Alto (+1 650.849.5241, aestep@gibsondunn.com)
Sarah L. Pongrace – New York (+1 212.351.3972, spongrace@gibsondunn.com)
© 2025 Gibson, Dunn & Crutcher LLP. All rights reserved. For contact and other information, please visit us at www.gibsondunn.com.
Attorney Advertising: These materials were prepared for general informational purposes only based on information available at the time of publication and are not intended as, do not constitute, and should not be relied upon as, legal advice or a legal opinion on any specific facts or circumstances. Gibson Dunn (and its affiliates, attorneys, and employees) shall not have any liability in connection with any use of these materials. The sharing of these materials does not establish an attorney-client relationship with the recipient and should not be relied upon as an alternative for advice from qualified counsel. Please note that facts and circumstances may vary, and prior results do not guarantee a similar outcome.