Given the expansive definition of “data broker” in the Protecting Americans’ Data From Foreign Adversaries Act of 2024 (Act) and its effective date of June 23, 2024, companies should act now to evaluate whether they have data sharing activities that are high risk or likely to be in scope of the Act. The Act prohibits “data brokers” from sharing “personally identifiable sensitive data” with designated adversary countries and certain persons and entities controlled by those countries. This article examines the Act’s key definitions and offers practical suggestions for preparing to comply, featuring insights shared during a recent International Association of Privacy Professionals (IAPP) program by Hilary Wandall, chief ethics and compliance officer at Dun & Bradstreet, Sam Castic, a partner at Hintze Law, and IAPP managing director Cobun Zweifel-Keegan. See “Navigating the Global Cross-Border Privacy Rules and Privacy Recognition for Processors Certification Systems” (May 29, 2024).