DOJ Enforces New Data Security Rule, Launches Healthcare Fraud Crackdown and Whistleblower Rewards

This week’s top headline from the Department of Justice is enforcement: as of July 8, the DOJ’s landmark rule restricting the transfer of Americans’ sensitive personal data to countries of concern is officially in force. The 90-day grace period for organizations to comply has ended, and businesses of all sizes are now expected to fully meet the DOJ’s Data Security Program requirements. This move aims to safeguard everything from biometric and financial details to precise location and health data against exploitation by foreign adversaries. Civil penalties for violations can reach up to twice the value of each unlawful transaction. According to Deputy Attorney General Todd Blanche, this program “makes getting that data a lot harder” for those who would use it to threaten U.S. national security. The impact is sweeping: American businesses, especially those dealing in large volumes of personal or U.S. government-related data, must now conduct rigorous risk assessments and implement new compliance tools or face significant penalties. For state and local governments, particularly those collaborating with private contractors or tech partners, the Rule introduces fresh audit and record-keeping obligations. Internationally, this step signals a more assertive American posture on data security and digital sovereignty. The list of affected countries includes China, Russia, Iran, North Korea, Cuba, and Venezuela. Organizations have until October 6 to complete enhanced due diligence and audit requirements. On the enforcement and public safety front, the DOJ and Department of Health and Human Services have just launched the False Claims Act Working Group to escalate efforts against healthcare fraud. In 2024 alone, DOJ secured over $2.9 billion in settlements and judgments related to healthcare fraud. This new group will leverage cross-agency collaboration and advanced data analytics to identify and prosecute fraudulent activity. Deputy Assistant Attorney General Brenna Jenny emphasized that the group will “prioritize the most readily provable and meritorious complaints,” ensuring resources go where they’re most effective. For ordinary Americans, this means a stronger check on waste and abuse in programs like Medicare and Medicaid, with the potential for better care and less government spending lost to fraud. There’s also big news for whistleblowers. The DOJ’s Antitrust Division, in partnership with the U.S. Postal Service, has started offering financial rewards to people who report antitrust violations affecting the Postal Service. This expands the array of whistleblower incentives, including potential non-prosecution agreements and civil rewards, and encourages more citizens and employees to come forward with tips about fraud and abuses that hurt consumers, taxpayers, and competition. Looking ahead, companies should immediately review and update their data security policies, conduct compliance audits, and consult the DOJ’s published FAQs for guidance. Cit