Gibson Dunn Announces Task Force to Help Clients Navigate DOJ’s Sensitive Personal Data Regulations

Firm News  |  July 31, 2025

July 31, 2025 – Gibson Dunn is pleased to announce its DOJ Data Security Program Task Force—a cross-disciplinary team designed to help clients understand and comply with the U.S. Department of Justice’s (DOJ) new regulatory framework: the Data Security Program (DSP). Under rules issued by the DOJ’s National Security Division (NSD), this framework restricts access to bulk U.S. sensitive personal data and U.S. government-related data and affects a broad range of U.S. businesses—particularly those that collect, process, transfer, or grant access to such data through relationships with foreign vendors, investors, partners, or service providers.

The Task Force brings together seasoned lawyers from Gibson Dunn’s market-leading National Security, White Collar Defense and Investigations, Cybersecurity, International Trade, and Corporate Governance Practice Groups. This integrated team offers clients comprehensive, practical counsel on how to identify, assess, and manage potential legal obligations and compliance risks under the DSP.

“As the federal government sharpens its focus on the protection of sensitive personal and government data, companies must be prepared to meet new and evolving compliance obligations,” said Vivek Mohan, a Task Force member who Co-Chairs the Artificial Intelligence Practice Group and is a member of the Privacy, Cybersecurity, and Data Innovation Practice Group. “At its core, the DSP reflects a new paradigm for regulating access to data under U.S. law—subjecting globally integrated companies to U.S. national security scrutiny and exposing businesses to potential civil or criminal penalties if risks are not properly assessed and managed. Our Task Force is uniquely positioned to provide strategic, actionable guidance that addresses these challenges while aligning with overlapping obligations under domestic and international privacy, security, and trade frameworks.”

Stephenie Gosnell Handler, a Task Force member and Partner in the International Trade and Privacy, Cybersecurity, and Data Innovation Practice Groups, added: “The DOJ’s new Sensitive Data Regulations create a complex, high-stakes compliance environment for businesses that handle large volumes of personal data or work with the U.S. government. These rules are a regulatory chimera—adapting concepts from export controls, CFIUS, sanctions, cybersecurity, and data protection laws in a manner intended to achieve national security objectives and carrying significant enforcement implications. Our Data Security Program Task Force is designed to help clients cut through that complexity. We bring together regulatory depth, investigative insight, and real-world experience to help companies build durable, defensible compliance strategies that align with DOJ expectations and global data regimes.”

Gibson Dunn’s Data Security Program Task Force includes former senior government officials, former in-house legal department leaders, and experienced white collar defense counsel. The team is equipped to advise on:

  • Assessing exposure to DOJ data security regulations;
  • Implementing compliance frameworks and policies aligned with DOJ expectations;
  • Managing competing obligations under U.S. and international data protection regimes;
  • Advising senior leadership on their oversight and management responsibilities;
  • Responding to DOJ inquiries and enforcement actions; and
  • Demonstrating proactive compliance posture to regulators and stakeholders.

This Task Force underscores Gibson Dunn’s ongoing commitment to helping clients navigate complex legal environments with forward-thinking, multidisciplinary solutions. For more information on the Task Force, visit: https://www.gibsondunn.com/doj-data-security-program-task-force/