On December 18, 2015, President Obama signed into law a $1.1 trillion omnibus spending bill, which included the Cybersecurity Act of 2015 – a law designed to encourage businesses to voluntarily share information with federal agencies. The law allows companies to share information involving “cyber threat indicators” and “defensive measures” with federal and nonfederal entities. Prior to sharing such information, a private entity must remove information that it knows identifies a specific individual. Additionally, the law permits companies to monitor their information systems “notwithstanding any other law,” so long as it is done for “cybersecurity purposes.” The law provides companies that engage in such authorized monitoring and sharing of information broad protection from civil, regulatory and antitrust liability.

The text of the law is here (PDF). Additional information can be found here.