Scarinci Hollenbeck, LLC
The Firm
201-896-4100 info@sh-law.comFirm Insights
Cybersecurity Information Sharing Act Business Guidance
Author: Scarinci Hollenbeck, LLC
Date: July 6, 2016
Key Contacts
Back
The Department of Justice and the Department of Homeland Security recently issued guidance that clarifies how the Cybersecurity Information Sharing Act (CISA) will impact the business community.
The agencies specifically addressed the procedures for voluntarily sharing “cyber threat indicators,” as well as the application of the law’s immunities provision.
Basic Provisions of the Cybersecurity Information Sharing Act
The goal of CISA, which was enacted last December as part of the Cyber Security Act of 2015, is to promote information sharing regarding cyber threats impacting the private sector. Under the new law, federal agencies, such as the DHS, are authorized to alert businesses about potential cyber threats. At the same time, the law also creates procedures for businesses to share information about cyberattacks or data intrusions with both federal agencies and other private entities.
To encourage information sharing, companies that participate in the program are shielded from liability for violating privacy-protection or antitrust laws, provided that the information is shared in accordance with CISA. Most notably, the law requires that companies remove personally identifiable information from any data shared, unless that information is directly related to the threat.
Cyber Threat Information Shared Between Private Entities
Section 104(c) of CISA allows non-federal entities to share cyber threat indicators and defensive measures with any other entity—private, federal, state, local, territorial, or tribal—for a “cybersecurity purpose.” However, previous guidance did not specifically address how private entities may share cyber threat indicators and defensive measures with each other. As a result, it was unclear whether CISA’s liability protections extended to business to business communications.
The latest CISA guidance from the DOJ/DHS provides a detailed summary of the protections and exemptions that non-governmental entities receive for sharing cyber threat indicators and defensive measures with each other in accordance with CISA. It also expressly states: “CISA authorizes private entities to share cyber threat indicators and defensive measures with other private entities. … It also provides private entities with liability protection for conducting such sharing in accordance with CISA.”
Additional Guidance Provided by DOJ/DHS
The latest CISA guidance also addresses several other key issues, including how to identify and share cyber threat indicators and defensive measures. For instance, it emphasizes “cyber threat indicators and defensive measures will typically consist of technical information that describes attributes of a cybersecurity threat that generally need not include various categories of information that are considered sensitive and, therefore, protected by privacy laws.”
Cybersecurity Information Sharing Act Guidance Tips
The guidance provides specific examples of information unlikely to be directly related to a cybersecurity threat and is, therefore, inappropriate to share, including:
- Protected health information;
- Human resource information contained within an employee’s personnel file;
- Consumer information and history, including information covered by the Fair Credit Reporting Act;
- Educational history, including transcripts and information protected pursuant to Family Educational Rights and Privacy Act;
- Financial information, including bank statements, loans, and information protected by the Gramm-Leach-Bliley Act;
- Children’s information, including that protected under Children’s Online Privacy Protection Act; and
- Other identifying information protected by state privacy laws.
Businesses big and small can benefit from these guidelines. The challenge often lies in figuring out what is necessary for your company, what should be a priority, and how best to determine and integrate both technology and training into your operations.
Do you have any feedback, thoughts, reactions or comments concerning this topic? Feel free to leave a comment below for Fernando M. Pinguelo and follow the twitter accounts @CyberPinguelo and @eWHW_Blog for timely comments on related issues. If you have any questions about this post, please contact me or the Scarinci Hollenbeck attorney with whom you work. To learn more about data privacy and security, visit our Cyber Security & Data Protection page.
For more posts dealing with Cybersecurity, check out:
- Cyber Threats on Small Business Come From All Angles
- NJ Supreme Court Addresses Use of Metadata in Electronic Documents
- Computer Hacking Defendant Loses in Supreme Court, Violates CFAA
- Practices: Corporate Transactions & Business
- Locations: Red Bank, NJ, New York City, Little Falls, NJ
No Aspect of the advertisement has been approved by the Supreme Court. Results may vary depending on your particular facts and legal circumstances.
Related Posts
See all
New York NDA Requirements for Businesses
Non-disclosure agreements (NDAs) remain a critical tool for protecting sensitive business information. However, New York NDA requirements have evolved, and businesses must ensure these agreements are carefully drafted to remain enforceable. In a competitive market like New York City, NDAs are commonly used to protect proprietary information, client relationships, and strategic plans. At the same […]
Author: Dan Brecher
New Jersey Will Contest Grounds Explained
How Courts Evaluate Testamentary Capacity and Undue Influence Will contests in New Jersey are difficult to win, given the strong presumption that a properly executed will reflects the testator’s intent. However, challenges based on lack of testamentary capacity and undue influence remain common, particularly where there are concerns about mental capacity or the involvement of […]
Author: Marc J. Comer
Legal Issues Before Bringing on Investors
Bringing on outside investors can provide the capital and strategic support a business needs to grow. However, raising capital also introduces important legal, financial, and operational considerations. Before bringing on investors, businesses should address key legal issues to reduce risk, streamline investor due diligence, and position the company for long-term success. Early preparation signals that […]
Author: Dan Brecher
SECURE 2.0 RMD Planning Strategies
How the Updated Law Shapes Retirement and Estate Planning The SECURE 2.0 Act of 2022 materially reshapes the required minimum distribution (RMD) landscape, extending tax deferral opportunities while accelerating distribution requirements for many beneficiaries. For high-net-worth individuals and families, these changes are not merely technical. They require a reassessment of retirement income strategies, beneficiary planning, […]
Author: Marc J. Comer
Buying Commercial Property in New Jersey: Legal Guide for Small Businesses
Small businesses considering buying commercial property in New Jersey must evaluate a range of legal, financial, and operational factors. While ownership can offer long-term value and control, it also introduces significant risks if not properly structured. This guide outlines key considerations to help New Jersey business owners make informed decisions, minimize legal exposure, and successfully […]
Author: Robert L. Baker, Jr.
The SEC’s Latest Guidance on Applying Federal Securities Laws to Tokenized Securities
On January 28, 2026, staff of the U.S. Securities and Exchange Commission’s Divisions of Corporation Finance, Investment Management, and Trading and Markets issued a joint statement clarifying how existing federal securities laws apply to tokenized securities. The SEC’s “Statement on Tokenized Securities” does not establish new law, but it does provide greater clarity on the […]
Author: Dan Brecher
No Aspect of the advertisement has been approved by the Supreme Court. Results may vary depending on your particular facts and legal circumstances.
Sign up to get the latest from our attorneys!
Explore What Matters Most to You.
Consider subscribing to our Firm Insights mailing list by clicking the button below so you can keep up to date with the firm`s latest articles covering various legal topics.
Stay informed and inspired with the latest updates, insights, and events from Scarinci Hollenbeck. Our resource library provides valuable content across a range of categories to keep you connected and ahead of the curve.