Scarinci Hollenbeck, LLC
The Firm
201-896-4100 info@sh-law.comFirm Insights
Author: Scarinci Hollenbeck, LLC
Date: July 6, 2016
The Firm
201-896-4100 info@sh-law.comThe agencies specifically addressed the procedures for voluntarily sharing “cyber threat indicators,” as well as the application of the law’s immunities provision.
The goal of CISA, which was enacted last December as part of the Cyber Security Act of 2015, is to promote information sharing regarding cyber threats impacting the private sector. Under the new law, federal agencies, such as the DHS, are authorized to alert businesses about potential cyber threats. At the same time, the law also creates procedures for businesses to share information about cyberattacks or data intrusions with both federal agencies and other private entities.
To encourage information sharing, companies that participate in the program are shielded from liability for violating privacy-protection or antitrust laws, provided that the information is shared in accordance with CISA. Most notably, the law requires that companies remove personally identifiable information from any data shared, unless that information is directly related to the threat.
Section 104(c) of CISA allows non-federal entities to share cyber threat indicators and defensive measures with any other entity—private, federal, state, local, territorial, or tribal—for a “cybersecurity purpose.” However, previous guidance did not specifically address how private entities may share cyber threat indicators and defensive measures with each other. As a result, it was unclear whether CISA’s liability protections extended to business to business communications.
The latest CISA guidance from the DOJ/DHS provides a detailed summary of the protections and exemptions that non-governmental entities receive for sharing cyber threat indicators and defensive measures with each other in accordance with CISA. It also expressly states: “CISA authorizes private entities to share cyber threat indicators and defensive measures with other private entities. … It also provides private entities with liability protection for conducting such sharing in accordance with CISA.”
The latest CISA guidance also addresses several other key issues, including how to identify and share cyber threat indicators and defensive measures. For instance, it emphasizes “cyber threat indicators and defensive measures will typically consist of technical information that describes attributes of a cybersecurity threat that generally need not include various categories of information that are considered sensitive and, therefore, protected by privacy laws.”
The guidance provides specific examples of information unlikely to be directly related to a cybersecurity threat and is, therefore, inappropriate to share, including:
Businesses big and small can benefit from these guidelines. The challenge often lies in figuring out what is necessary for your company, what should be a priority, and how best to determine and integrate both technology and training into your operations.
Do you have any feedback, thoughts, reactions or comments concerning this topic? Feel free to leave a comment below for Fernando M. Pinguelo and follow the twitter accounts @CyberPinguelo and @eWHW_Blog for timely comments on related issues. If you have any questions about this post, please contact me or the Scarinci Hollenbeck attorney with whom you work. To learn more about data privacy and security, visit our Cyber Security & Data Protection page.
For more posts dealing with Cybersecurity, check out:
No Aspect of the advertisement has been approved by the Supreme Court. Results may vary depending on your particular facts and legal circumstances.
The Trump Administration’s new tariffs are having an oversized impact on small businesses, which already tend to operate on razor thin margins. Many businesses have been forced to raise prices, find new suppliers, lay off staff, and delay growth plans. For businesses facing even more dire financial circumstances, there are additional tariff response options, including […]
Author: Brian D. Spector
Business partnerships, much like marriages, function exceptionally well when partners are aligned but can become challenging when disagreements arise. Partnership disputes often stem from conflicts over business strategy, financial management, and unclear role definitions among partners. Understanding Business Partnership Conflicts Partnership conflicts place significant stress on businesses, making proactive measures essential. Partnerships should establish detailed […]
Author: Christopher D. Warren
*** The original article was featured on Bloomberg Tax, April 28, 2025 — As a tax attorney who spends much of my time helping people and companies who have large, unresolved issues with the IRS or one or more state tax departments, it often occurs to me that the best service that I can provide […]
Author: Scott H. Novak
On January 28, 2025, the Trump Administration terminated Gwynne Wilcox from her position as a Member of the National Labor Relations Board (NLRB or the Board). Gwynne Wilcox, a union side lawyer for Levy Ratner, was confirmed to the Board for an original term in 2021 and confirmed again for a successive five-year term expiring […]
Author: Matthew F. Mimnaugh
Breach of contract disputes are the most common type of business litigation. Therefore, nearly all New York and New Jersey businesses will likely have to deal with a contract dispute at least once. Understanding when to file a breach of contract lawsuit and how long you have to sue for breach of contract is essential […]
Author: Brittany P. Tarabour
Closing your business can be a difficult and challenging task. For corporations, the process includes formal approval of the dissolution, winding up operations, resolving tax liabilities, and filing all required paperwork. Whether you need to understand how to dissolve a corporation in New York or New Jersey, it’s imperative to take all of the proper […]
Author: Christopher D. Warren
No Aspect of the advertisement has been approved by the Supreme Court. Results may vary depending on your particular facts and legal circumstances.
Consider subscribing to our Firm Insights mailing list by clicking the button below so you can keep up to date with the firm`s latest articles covering various legal topics.
Stay informed and inspired with the latest updates, insights, and events from Scarinci Hollenbeck. Our resource library provides valuable content across a range of categories to keep you connected and ahead of the curve.
Let`s get in touch!
Sign up to get the latest from the Scarinci Hollenbeck, LLC attorneys!