In August 2015, we reported on the US Bill known as the Cyber Information Sharing Act (Bill). The impacts of the Bill and the concerns raised by the US Department of Homeland Security are discussed in our August 2015 blog, which can be found here.
The controversial Bill seeks to reduce the threat and impact of cyber-attacks on the economic health and overall national security of the US by allowing private sector companies to disclose to the US Government the types of cyber-attacks they face, the methods used to prevent such attacks and the methods used to mitigate the effect of such attacks. Such information will allow the US Government to assess current measures and develop recommendations. In exchange for such disclosure, participating businesses will enjoy certain concessions and immunity against breach of privacy fines.
Such information sharing may affect the rights of consumers whose privacy rights may be compromised by the Bill's requirement that information regarding cyber-attacks be shared in 'real time'.
On 27 October 2015, the US Senate passed the Bill by a 74-21 vote. This overwhelming support from the Senate highlights the growing concerns within the US Government regarding the prevalence of cyber-attacks/security breaches and the need for a strong government response. It is consistent with President Obama's declaration at the State of the Union address in January 2015 that cyber security is a government priority.
The willingness of the Senate to allow government access to information and thus override citizens' individual privacy rights is a policy choice usually reserved for matters of National Security.