Celesq® Programs

How to Comply with the Bulk Data Rule for Restricted Transactions

Active
Program Number
36186
Program Date
2026-07-01
CLE Credits
1

This follow?on CLE builds on National Security & Data Privacy: Complying with the Bulk Data Rule and the New Data Security Program and focuses on the most practical compliance question attorneys face under Executive Order 14117 and the DOJ’s Data Security Program (28 C.F.R. Part 202): how organizations can lawfully engage in restricted transactions. 

While some data transfers are prohibited outright, many common business activities—including vendor arrangements, employment relationships, cloud services, and internal data access—are classified as restricted transactions and permitted only if specific security safeguards are implemented. 

With DOJ enforcement now fully active and grace periods expired, lawyers must be prepared to advise not only on risk identification, but on how compliance is achieved and demonstrated. 

This program provides a practical roadmap for identifying restricted transactions, understanding required security controls, and advising clients on defensible compliance strategies, drawing on regulatory text, DOJ and CISA guidance, and real?world examples. 

Topics Covered:

  • Overview of the Bulk Data Rule as it applies to restricted transactions
  • Sensitive data categories and bulk thresholds
  • Distinguishing prohibited vs. restricted transactions
  • Required security controls under the Data Security Program
  • The role of CISA security standards and guidance Practical compliance and documentation considerations 

Learning Objectives:

  • After completing this program, participants will be able to:
  • Identify when a transaction qualifies as “restricted” under the Bulk Data Rule
  • Explain the security controls required for lawful restricted transactions
  • Evaluate common business arrangements for compliance risk
  • Advise clients on documenting and defending compliance in an enforcement environment

Intended Audience - This program is designed for attorneys practicing in privacy, cybersecurity, national security, technology, corporate, employment, and regulatory compliance, as well as in?house counsel overseeing data governance and risk.

Available in States

  • California
  • Colorado
  • Florida
  • Georgia
  • New Jersey
  • New York
  • Texas Self Study

Program Categories

  • Corporate and Securities Law
  • Federal Courts
  • Florida Eligible
  • Government Claims & Military Law
  • Government Contracting
  • International Law & Global Trade

PROGRAM CREDITS

  • Areas of Professional Practice : 1 Credit