Client Alerts

House Passes Cybersecurity Bills to Enable Companies to Share Threat Information

By: Frances Floriano Goins and Michael A. Marrero

About: Cybersecurity & Privacy

On April 22 and 23, 2015, the U.S. House of Representatives passed H.R. 1560, the Protecting Cyber Networks Act (PCNA), and H.R. 1731, the National Cybersecurity Protection Advancement (NCPA) Act of 2015. The bills are intended to improve national cybersecurity by establishing a legal framework that encourages companies to share cybersecurity information with each other and government entities in order to better track, assess, and address cyber threats. Both bills exempt companies that share information from liability, absent any willful misconduct by that party. Furthermore, the bills also require removal of certain personal information to protect individuals’ privacy.

H.R. 1560 and H.R. 1731: At a Glance
The PCNA will protect from liability companies that choose to share cyber threat information either with each other, or with the government. There are measures in the Bills designed to protect personal information. First, the company providing the data would be responsible for removing personal information before it handed the data off to the government. Second, the government agency that receives the data would also scrub the data to ensure no personal information is shared. This schematic for liability protection will, according to proponents of the bill, encourage companies to actually share the cybersecurity information that will be used to address future cyber threats. The NCPA, passed one day after the PCNA and with overwhelming support, establishes the Department of Homeland Security as the intermediary for sharing the cyber threat information that falls under the umbrella of the PCNA.

Next Steps
The Senate, which continues to evaluate its own version of cybersecurity threat information sharing legislation, will now have an opportunity to consider and vote on both bills. While there is evidence to suggest that the bills may receive similarly strong support in the Senate, it is difficult to say with certainty whether the bills will be passed. What is more certain, given the timing and current traffic jam of other potentially higher profile bills pending in the Senate, is that a quick turnaround is unlikely. Prior to the House passing of H.R. 1560, the White House expressed its public support for the bill, continuing a trend of increased attention on cybersecurity in Congress and from President Obama.

We will continue monitoring developments in cybersecurity legislation, and will provide you with additional information about the changes and potential impact as they become clearer. If you have any questions, or would like additional information, please contact a member of the Data Privacy & Information Security Practice at Ulmer & Berne LLP.