From: JD Supra Advisor
Reporter, Julie A. Stockton, Palo Alto | King & Spalding
On December 18, 2015, President Obama signed the Cybersecurity Information Sharing Act (“CISA”), which was the culmination of intense negotiations that reconciled three separate cybersecurity bills passed by the U.S. Senate and House of Representatives last year. Of the four titles in CISA, Title I is the most impactful for private entities because it establishes mechanisms by which non-federal entities can share cybersecurity information with each other and with federal departments and agencies. Key provisions of Title I of CISA are outlined below.
CISA is strictly voluntary and does not impose a duty to share information on private entities. Indeed, it expressly prohibits the federal government from tactics intended to coerce parties into sharing cybersecurity threat information. For entities that do participate, CISA provides safe harbors from liability. To trigger the safe harbor protection under the CISA, the entity must share the information in accordance with CISA’s provisions.
Leave a Reply