Post-CISA Data Breach Investigations: Safe To Share?
12 February 2016Law360
On Dec. 18, 2015, the Cybersecurity Information Sharing Act became law, providing liability protection as an incentive to private sector and other nonfederal entities for sharing and receiving cyberthreat indicators and defensive measures with the federal government. On Feb. 16, 2016, the U.S. Department of Homeland Security and the U.S. Department of Justice are expected to publicly release interim guidelines for such sharing. While there is no requirement for the private sector to share or receive information, following the guidelines is required for liability protection under the act. Lawyers should prepare to advise clients whether it is now safe to share.