Certain sensitive data will have to be destroyed within five years Credit: Reuters/Larry Downing The U.S. Central Intelligence Agency on Wednesday updated rules relating to the collection, retention and dissemination of information of U.S. persons, including putting a limit of five years on holding certain sensitive data and introducing restrictions for querying the data.The announcement by the spy agency comes a couple of days before a new administration under President-elect Donald Trump takes charge, and could address to an extent concerns expressed by civil rights groups about the collection and handling of information of U.S. persons in the course of overseas surveillance. Such information is collected by the CIA under Executive Order 12333.Earlier this month the director of the CIA John Brennan and Attorney General Loretta E. Lynch approved the new rules, called the Attorney General Guidelines, to update the CIA’s procedures, some of which had not been significantly updated since 1982, the agency said in a statement. The new rules come into force on March 18. Under the new rules published online, unevaluated information is presumed to include incidentally acquired information concerning U.S. persons. Unevaluated information such as nonpublic telephone and electronic communications, including communications in electronic storage, acquired without the consent of a person who is party to the communications, shall be destroyed no later than five years after the information was made available to the agency. Unevaluated information anticipated to have “U.S. Person Identifying Information” that is significant in volume or sensitivity shall also be subject to the same rules. The five year limitation can be extended in certain circumstances such as an imminent threat to human life, with certain procedures and authorizations to be followed first.The new rules also place limits on the querying of such data. Queries of particularly sensitive data sets, such as the contents of communications, have when practicable to be accompanied by a statement explaining the purpose for the query when retrieving information concerning a U.S. person, the agency said. The CIA is also trying to collect less data that would require lesser people and time to evaluate it. “Today, in addition to traditional intelligence scenarios, a single storage device may contain the equivalent of millions of pages of information, hours of video, thousands of photos, or more,” the agency said in its statement.The Attorney General Guidelines require the agency to take steps to limit information collection to the smallest subset of data necessary to achieve its intelligence objectives, which would also mean lesser instances of accidental collection of information of U.S. persons in unevaluated data. Related content news CISA, FBI urge developers to patch path traversal bugs before shipping The advisory highlights how developers can follow best practices to fix these vulnerabilities during production. By Shweta Sharma May 03, 2024 3 mins Vulnerabilities news Microsoft continues to add, shuffle security execs in the wake of security incidents The company has appointed new product security chiefs as well as a customer-facing CISO as it continues to respond to high-profile attacks on its products and own network. By Elizabeth Montalbano May 03, 2024 4 mins CSO and CISO feature Malware explained: How to prevent, detect and recover from it What are the types of malware? How does malware spread? How do you know if you’re infected? We've got answers. By Josh Fruhlinger May 03, 2024 18 mins Ransomware Phishing Malware brandpost Sponsored by Cyber NewsWire LayerX Security Raises $26M for its Browser Security Platform, Enabling Employees to Work Securely from Any Browser, Anywhere Early adoption by Fortune 100 companies worldwide, LayerX already secures more users than any other browser security solution and enables unmatched security, performance and experience By Cyber NewsWire May 02, 2024 4 mins Cyberattacks Security PODCASTS VIDEOS RESOURCES EVENTS SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe