Matthew Baker, Jenna Comizio Guarino
Session Time: Fri, May 8, 2026: 08:50 AM-09:50 AM
By October 2026, the Department of Justice will begin active enforcement of its final rule on Preventing Access to Americans’ Bulk Sensitive Personal Data (28 C.F.R. Part 202). For companies across the board, this marks a fundamental shift: data security is no longer just a consumer privacy obligation—it is a matter of national security.
This panel explores the operational reality for companies that must now audit “Covered Data Transactions” across sprawling global supply chains. We will deconstruct the compliance burden of the Data Security Program (DSP) requirements, including vetting vendor and employment agreements for “Covered Persons” linked to countries of concern.
Key discussion points include:
- The Geolocation Trap: Managing the risk of “Bulk Precise Geolocation Data” (threshold: 1,000+ U.S. persons) within network management and optimization tools.
- Vendor Vetting 2.0: How the rule’s focus on “vendor agreements” forces a re-evaluation of cloud storage, SaaS partnerships, and managed service providers.
- The Enforcement Countdown: Preparing for the October 6, 2026, enforcement deadline and the “Annual Audit” mandate.
Matthew Baker, Partner, Practice Chair, Privacy & Cybersecurity, Baker Botts
Jenna Comizio Guarino, Vice President, Compliance and Legal Affairs, Mediacom Communications
Reading Materials:
