Cyber info sharing bill passes committee

March 27, 2015

WASHINGTON (3/30/15)--A bill intended to increase the sharing of information on cyberthreats was passed by the U.S. House Permanent Select Committee on Intelligence last week.

The Protecting Cyber Networks Act (H.R. 1560) permits only voluntary sharing by the private sector of cyberthreat indicators only for cybersecurity purposes.

The bill also:

  • Prohibits the government from forcing private sector entities to provide information;
  • Requires companies to remove personal information before information is shared, and the federal agency receiving cyberthreat indicators to perform a second check for personal information before sharing it with other relevant federal agencies;
  • Limits the private-to-private sharing to only cyberthreat indicators and defensive measures to combat a threat;
  • Imposes strict restrictions on the use, retention and searching of any data voluntarily shared by the private sector with the government;
  • Does not shield a company from willful misconduct in the course of sharing cyberthreat indicators but provides liability protections for companies that share in good faith;
  • Permits individuals to sue the federal government for intentional privacy violations in federal court; and
  • Requires a detailed biennial inspectors general report of appropriate federal entities of the government's receipt, use and dissemination of cyberthreat indicators. The Privacy and Civil Liberties Oversight Board (a bipartisan agency within the executive branch) must also submit a biennial report on the privacy and civil liberties impact of the act.

A similar bill was passed by the Senate Intelligence Committee last month.