On October 27, 2015, the U.S. Senate passed the Cybersecurity Information Sharing Act (CISA) (S. 754) by a 74-21 vote. This legislation is intended to prevent cyberattacks by encouraging companies to share information related to cyber threats with other companies as well as the federal government. As discussed in a previous update, the U.S. House of Representatives passed similar legislation in April. Lawmakers from the Senate and the House now will work in conference in the coming weeks to consolidate the bills before presenting to President Obama for his signature.
Though the White House and supporters such as the U.S. Chamber of Commerce and the American Bankers Association favor this legislation, several high-tech firms, industry trade groups and privacy advocates have cautioned against the bill. Most notably, high-profile tech companies such as Apple, Dropbox, Twitter, Reddit and Yelp believe the bill will allow the federal government to conduct surveillance on their users' private information. Though CISA co-sponsors Sen. Richard Burr (R-NC) and Sen. Dianne Feinstein (D-CA) have said that the bill includes provisions to protect customer data, opponents of CISA believe it is fundamentally flawed and offers little benefits, if any. It is unclear how Congress will reconcile these pending measures, though privacy advocates hope for stronger limitations on the usage of information by the federal government.
Bass, Berry & Sims will continue to monitor and provide updates as we track cybersecurity legislation. If you have questions regarding the potential effects of this legislation, or any other cybersecurity concerns related to your organization, please contact an attorney on our Data Security & Privacy Team.