U.S. House committee passes cyber data-sharing bill

By Erin Ayers on March 25, 2015

house_of_representatives_sealThe U.S. House of Representatives’ Select Intelligence Committee this week introduced the Protecting Cyber Networks Act, a measure that would enable private companies to more freely share cyber threat data among themselves and with the government – but specifically not the National Security Agency or Department of Defense.

“We cannot continue to allow outdated laws to be the barriers to solutions,” stated Rep. Lynn Westmoreland. “The Protecting Cyber Networks Act enhances our cybersecurity by allowing information sharing on imminent cyber threats between the private and public sectors, and by ensuring that personally identifiable information is not compromised during the process. When we empower American businesses and citizens to work together, we can fight back against hackers and cyberterrorists for the good of our nation and all its people.”

The bipartisan bill makes specific requirements for the protection of consumers’ personal information and offers liability protections only “for companies that share in good faith,” according to a Committee summary. Per the bill, companies must expunge all identifying details and the government must do a second check. The government would also be prohibited from forcing the private sector to share information and the language specifies that data sharing is strictly limited to “cyber threat indicators and defensive measures to combat a cyber threat.”

Committee Ranking Member Adam Schiff commented, “Cyber attacks and theft have cost this country billions of dollars and thousands of jobs, and have compromised the private information of millions of Americans. A voluntary cyber information sharing bill will help us defend against this pernicious threat, and the time to act is now. Intellectual property that took American companies years to develop is being stolen in a flash, and consumers’ information is being spread maliciously across the web for personal gain.  Our bipartisan bill will ensure that businesses and government have the information they need to help defend against this growing threat, while safeguarding the privacy of the targets of these attacks. It’s my hope that the House takes up this bipartisan bill soon after the House Intelligence Committee advances it, and that we work with the Senate, the White House and outside stakeholders to make any necessary improvements on its way to the President’s desk.”

The U.S. Senate Intelligence Committee recently passed similar legislation, the Cybersecurity Information Sharing Act, which raised concerns from privacy advocates who stated that such legislation amounts to little more than a free pass for broader government surveillance.

Insurance industry representatives last week advocated federal legislation providing liability protections for businesses that share threat data to boost the nation’s cybersecurity posture as well as create a wider pool of data for insurance underwriting purposes.

erin.ayers@zywave.com'

Erin is the managing editor of Advisen’s Front Page News. She has been covering property-casualty insurance since 2000. Previously, Erin served as editor-in-chief of The Standard, New England’s Insurance Weekly. Erin is based in Boston, Mass. Contact Erin at [email protected].