Photo of Janine Slade

Janine Slade

Drawing upon her experience at the U.S. Department of Homeland Security (DHS), Janine Slade advises clients on the U.S. national security review process administered by the Committee on Foreign Investment in the United States (CFIUS) and related reviews conducted by the interagency working group known as “Team Telecom.”

Janine served in a number of roles during her nearly 10-year tenure at DHS, including as Deputy Director, Foreign Investment Risk Management, and as an Attorney Advisor in the Office of the General Counsel. She advised Department leadership and component offices on matters relating to CFIUS and Team Telecom, assisted with compliance oversight of CFIUS national security agreements, and negotiated national security risk mitigation measures with corporate counsel for companies under review and investigation by CFIUS and Team Telecom. She also provided technical assistance to congressional staff and the CFIUS chair on Foreign Investment Risk Reduction & Modernization Act (FIRRMA) statutory reform and accompanying regulatory reform efforts.

Janine combines her extensive government experience with practical insights gained from serving in-house. Prior to joining the firm, Janine was a Government Relations Manager at Cummins Inc., where she established relationships with key stakeholders in Congress, the executive branch, and industry, and monitored and analyzed legislative and regulatory activities related to international trade.

Contact:Read more about Janine SladeEmail

Introduction

On December 27, 2024, the U.S. Department of Justice (“DOJ”) issued the Final Rule implementing President Biden’s February 28, 2024 Executive Order on “Preventing Access to Americans’ Bulk Sensitive Personal Data and United States Government-Related Data by Countries of Concern” (the “EO”). The Final Rule solidifies a new national security regulatory regime focused on protecting bulk U.S. sensitive personal data and government-related data from countries of concern, including the People’s Republic of China (“PRC” or “China”), and represents the latest step in the U.S. government’s whole-of-government effort to “de-risk” with respect to China. The Final Rule marks the first time that U.S. persons will be categorically prohibited from engaging in certain transactions that may result in foreign access to bulk U.S. sensitive personal data and government-related data. It also provides that certain other transactions will be “restricted,” meaning they are prohibited unless the U.S. business first implements a range of security requirements, which in some cases will be onerous or costly. The Final Rule accordingly could have wide-ranging implications for U.S. companies across various industries. The Final Rule takes effect 90 days after publication in the Federal Register, which is set for January 8, 2025, although certain compliance requirements will not take effect until 270 days following publication.

In parallel with the release of the Final Rule, on January 3, 2025, the U.S. Cybersecurity and Infrastructure Security Agency (“CISA”), which is part of the U.S. Department of Homeland Security (“DHS”), released the final security requirements (the “Security Requirements”). The Security Requirements set forth the measures that U.S. persons must satisfy in order to engage in restricted transactions, and are incorporated by reference into the Final Rule.

Importantly, as we discussed in our analysis of the Advance Notice of Proposed Rulemaking (“ANPRM”) and our analysis of the Notice of Proposed Rulemaking (“NPRM”), the Final Rule is a national security regulation designed to address identified risks to U.S. national security—not a privacy regulation designed to protect privacy or other individual interests. Consequently, while the Final Rule regulates transactions involving personal data, many of the concepts and definitions diverge materially from those in existing privacy regimes. The Final Rule stems from the U.S. government’s increasing unwillingness to tolerate foreign adversary access to U.S. personal data. As DOJ explained in the preamble to the Final Rule, “[t]his rule will prevent . . . foreign adversaries from legally obtaining [bulk U.S. sensitive personal data or government-related data] through commercial transactions with U.S. persons, thereby stemming data flows and directly addressing the national security risks identified in the [EO].” DOJ cited examples such as (1) the ability of journalists to track the movements of U.S. President Joe Biden, U.S. Vice President Kamala Harris, and now President-Elect Donald Trump through their bodyguards’ use of a fitness app; and (2) the ability to track U.S. government personnel movement through the purchase of location information and digital advertising data—that demonstrate the U.S. national security risks associated with foreign adversary access to commercially available data. Finally, DOJ made a particular point of explaining that certain data that is anonymized or depersonalized presents U.S. national security risks, especially with respect to the ability of adversaries to use “bulk human genomic data[] to enhance military capabilities that include facilitating the development of bioweapons.”Continue Reading Department of Justice Issues Final Rule to Implement Bulk U.S. Sensitive Personal Data and Government-Related Data Executive Order

Updated August 8, 2023.  Originally posted May 1, 2023.

Last week, comment deadlines were announced for a Federal Communications Commission (“FCC”) Order and Notice of Proposed Rulemaking (“NPRM”) that could have significant compliance implications for all holders of international Section 214 authority (i.e., authorization to provide telecommunications services from points in the U.S. to points abroad).  The rule changes on which the FCC seeks comment are far-reaching and, if adopted as written, could result in significant future compliance burdens, both for entities holding international Section 214 authority, as well as the parties holding ownership interests in these entities.  Comments on these rule changes are due Thursday, August 31, with reply comments due October 2.

Adopted in April, the FCC’s item proposing the new rules also includes an Order requiring all holders of international Section 214 authority to respond to a one-time information request concerning their foreign ownership. Although last week’s Federal Register publication sets a comment deadline for the proposed rules, the reporting deadline for the one-time information request has not yet been established.  However, because the FCC has fulfilled its statutory obligations regarding the new information collection presented by the one-time reporting requirement, carriers — as well as entities holding an ownership interest in these carriers — should prepare for the announcement of the reporting deadline.

The FCC’s latest actions underscore the agency’s ongoing desire to closely scrutinize foreign ownership and involvement in telecommunications carriers serving the U.S. market, as well as to play a more active role in cybersecurity policy. These developments should be of interest to any carrier that serves the U.S. market and any financial or strategic investor focused on the telecommunications space, as well as other parties interested in national security developments affecting telecommunications infrastructure.

Proposed Rule Changes for International Section 214 Authority

The FCC’s proposed changes to its regulation of international Section 214 authorizations generally concern additional compliance, disclosure, and reporting requirements. The FCC’s proposed rule changes are far-reaching, but the most notable of the proposals concern the following:Continue Reading Comments Due August 31 on FCC’s Proposal to Step Up Review of Foreign Ownership in Telecom Carriers and Establish Cybersecurity Requirements

May 23, 2023, Covington Alert

The U.S. Department of the Treasury (“Treasury”), in its capacity as chair of the Committee on Foreign Investment in the United States (“CFIUS” or the “Committee”), recently posted two new frequently asked questions (“FAQs”) to CFIUS’s website that have important implications for parties planning transactions subject to the Committee’s jurisdiction.

First, CFIUS confirmed its recent practice of requiring detailed information on all direct or indirect foreign ownership involved in a transaction, including disclosure of all limited partners (or “LPs”) of an investment fund, without regard to any pre-existing agreements between the fund sponsor and investor regarding disclosure.

Second, CFIUS offered guidance regarding the meaning of “completion date” for purposes of when a mandatory filing must be submitted for a multi-stage transaction. The guidance could have broad implications, especially for some venture financing transactions, as it introduces uncertainty regarding the ability of investors to use a staged transaction to acquire an initial, passive equity interest prior to submitting a mandatory CFIUS filing with respect to a subsequent acquisition of control or certain non-passive rights. The new guidance seems at odds with language that appears in the preamble to the regulations implementing the Foreign Investment Risk Review Modernization Act of 2018 (“FIRRMA”), and the practice of transaction parties for the last several years. CFIUS did not provide any explanation for this change, which raises questions as to why the Committee has issued the guidance now.

Each of these developments is discussed in more detail below.

1. CFIUS may require detailed information regarding all foreign persons involved directly or indirectly in a transaction, including limited partners in an investment fund.

Treasury published the following FAQ on May 11:

Does CFIUS require information on all foreign persons, such as limited partners in an investment fund, that would hold an interest in a U.S. business, whether directly or indirectly, as part of the transaction?Continue Reading CFIUS Issues Guidance On Disclosure of Information About Limited Partner Investors and Application of Mandatory Filing Rules to Multi-stage Transactions