§ 800.226 - Identifiable data.  


Latest version.
  • § 800.226 U.S. business.

    The term U.S. business means any entity, irrespective of the nationality of the persons that control it, engaged in interstate commerce in the United States, but only to the extent of its activities in interstate commerce.

    Example 1.

    Corporation A is organized under the laws of a foreign state and is wholly owned and controlled by a foreign national. It engages in interstate commerce in the United States through a branch or subsidiary. Its branch or subsidiary is a U.S. business. Corporation A and its branch or subsidiary is each also a foreign person should any of them engage in a transaction involving a U.S. business.

    Example 2.

    Same facts as in the first sentence of Example 1. Corporation A, however, does not have a branch office, subsidiary, or fixed place of business in the United States. It exports and licenses technology to an unrelated company in the United States. Assuming no other relevant facts, Corporation A is not a U.S. business.

    Example 3.

    Corporation A, a company organized under the laws of a foreign state, is wholly owned and controlled by Corporation X. Corporation X is organized in the United States and is wholly owned and controlled by U.S. nationals. Corporation A does not have a branch office, subsidiary, or fixed place of business in the United States. It exports goods to Corporation X and to unrelated companies in the United States. Assuming no other relevant facts, Corporation A is not a U.S. business.

    Identifiable data.

    The term identifiable data means data that can be used to distinguish or trace an individual's identity, including through the use of any personal identifier. Aggregated data or anonymized data is identifiable data if any party to the transaction has, or as a result of the transaction will have, the ability to disaggregate or de-anonymize the data, or if the data is otherwise capable of being used to distinguish or trace an individual's identity. Identifiable data does not include encrypted data, unless the U.S. business that maintains or collects the encrypted data has the means to de-encrypt the data so as to distinguish or trace an individual's identity.