Scarinci Hollenbeck, LLC
The Firm
201-896-4100 info@sh-law.comFirm Insights
Cybersecurity Information Sharing Act Business Guidance
Author: Scarinci Hollenbeck, LLC
Date: July 6, 2016
Key Contacts
Back
The Department of Justice and the Department of Homeland Security recently issued guidance that clarifies how the Cybersecurity Information Sharing Act (CISA) will impact the business community.
The agencies specifically addressed the procedures for voluntarily sharing “cyber threat indicators,” as well as the application of the law’s immunities provision.
Basic Provisions of the Cybersecurity Information Sharing Act
The goal of CISA, which was enacted last December as part of the Cyber Security Act of 2015, is to promote information sharing regarding cyber threats impacting the private sector. Under the new law, federal agencies, such as the DHS, are authorized to alert businesses about potential cyber threats. At the same time, the law also creates procedures for businesses to share information about cyberattacks or data intrusions with both federal agencies and other private entities.
To encourage information sharing, companies that participate in the program are shielded from liability for violating privacy-protection or antitrust laws, provided that the information is shared in accordance with CISA. Most notably, the law requires that companies remove personally identifiable information from any data shared, unless that information is directly related to the threat.
Cyber Threat Information Shared Between Private Entities
Section 104(c) of CISA allows non-federal entities to share cyber threat indicators and defensive measures with any other entity—private, federal, state, local, territorial, or tribal—for a “cybersecurity purpose.” However, previous guidance did not specifically address how private entities may share cyber threat indicators and defensive measures with each other. As a result, it was unclear whether CISA’s liability protections extended to business to business communications.
The latest CISA guidance from the DOJ/DHS provides a detailed summary of the protections and exemptions that non-governmental entities receive for sharing cyber threat indicators and defensive measures with each other in accordance with CISA. It also expressly states: “CISA authorizes private entities to share cyber threat indicators and defensive measures with other private entities. … It also provides private entities with liability protection for conducting such sharing in accordance with CISA.”
Additional Guidance Provided by DOJ/DHS
The latest CISA guidance also addresses several other key issues, including how to identify and share cyber threat indicators and defensive measures. For instance, it emphasizes “cyber threat indicators and defensive measures will typically consist of technical information that describes attributes of a cybersecurity threat that generally need not include various categories of information that are considered sensitive and, therefore, protected by privacy laws.”
Cybersecurity Information Sharing Act Guidance Tips
The guidance provides specific examples of information unlikely to be directly related to a cybersecurity threat and is, therefore, inappropriate to share, including:
- Protected health information;
- Human resource information contained within an employee’s personnel file;
- Consumer information and history, including information covered by the Fair Credit Reporting Act;
- Educational history, including transcripts and information protected pursuant to Family Educational Rights and Privacy Act;
- Financial information, including bank statements, loans, and information protected by the Gramm-Leach-Bliley Act;
- Children’s information, including that protected under Children’s Online Privacy Protection Act; and
- Other identifying information protected by state privacy laws.
Businesses big and small can benefit from these guidelines. The challenge often lies in figuring out what is necessary for your company, what should be a priority, and how best to determine and integrate both technology and training into your operations.
Do you have any feedback, thoughts, reactions or comments concerning this topic? Feel free to leave a comment below for Fernando M. Pinguelo and follow the twitter accounts @CyberPinguelo and @eWHW_Blog for timely comments on related issues. If you have any questions about this post, please contact me or the Scarinci Hollenbeck attorney with whom you work. To learn more about data privacy and security, visit our Cyber Security & Data Protection page.
For more posts dealing with Cybersecurity, check out:
- Cyber Threats on Small Business Come From All Angles
- NJ Supreme Court Addresses Use of Metadata in Electronic Documents
- Computer Hacking Defendant Loses in Supreme Court, Violates CFAA
- Practices: Corporate Transactions & Business
- Locations: Red Bank, NJ, New York City, Little Falls, NJ
No Aspect of the advertisement has been approved by the Supreme Court. Results may vary depending on your particular facts and legal circumstances.
Related Posts
See all
Corporate Transactions: Best Practices for Successful Deals
Corporate transactions can have significant implications for a corporation and its stakeholders. For deals to be successful, companies must act strategically to maximize value and minimize risk. It is also important to fully understand the legal and financial ramifications of corporate transactions, both in the near and long term. Understanding Corporate Transactions The term “corporate […]
Author: Dan Brecher
How to Conduct a Fair and Legal Employee Termination in 2025
Ongoing economic uncertainty is forcing many companies to make tough decisions, which includes lowering staff levels. The legal landscape on both the state and federal level also continues to evolve, especially with significant changes to the priorities of the Equal Employment Opportunity Commission (“EEOC”) under the Trump Administration. Terminating an employee is one of the […]
Author: Angela A. Turiano
Admin Dissolution for Annual Report: What You Need to Know
While filing annual reports may seem like a nuisance, failing to do so can have significant ramifications. These include fines, reputational harm, and interruption of your business operations. In basic terms, “admin dissolution for annual report” means that a company is dissolved by the government. This happens because it failed to submit its annual report […]
Author: Dan Brecher
What Is Antitrust Litigation Law?
Antitrust laws are designed to ensure that businesses compete fairly. There are three federal antitrust laws that businesses must navigate. These include the Sherman Act, the Federal Trade Commission Act, and the Clayton Act. States also have their own antitrust regimes. These may vary from federal regulations. Understanding antitrust litigation helps businesses navigate these complex […]
Author: Robert E. Levy
Dissolving Your Business: Essential Legal Steps to Protect Your Interests
If you’re considering closing your business, it’s crucial to understand that simply shutting your doors does not end your legal obligations. Unless you formally dissolve your business, it continues to exist in the eyes of the law—leaving you exposed to ongoing liabilities such as taxes, compliance violations, and potential lawsuits. Dissolving a business can seem […]
Author: Christopher D. Warren
The Role of Corporate Restructuring in Mergers & Acquisitions
Contrary to what many people think, corporate restructuring isn’t all doom and gloom. Revamping a company’s organizational structure, corporate hierarchy, or operations procedures can help keep your business competitive. This is particularly true during challenging times. Corporate restructuring plays a critical role in modern business strategy. It helps companies adapt quickly to market changes. Following […]
Author: Dan Brecher
No Aspect of the advertisement has been approved by the Supreme Court. Results may vary depending on your particular facts and legal circumstances.
Sign up to get the latest from our attorneys!
Explore What Matters Most to You.
Consider subscribing to our Firm Insights mailing list by clicking the button below so you can keep up to date with the firm`s latest articles covering various legal topics.
Stay informed and inspired with the latest updates, insights, and events from Scarinci Hollenbeck. Our resource library provides valuable content across a range of categories to keep you connected and ahead of the curve.