Congress Steps Up Efforts to Pass Cybersecurity Legislation

Congress has been trying for several years to pass cybersecurity legislation, and the number of bills hitting the hopper has increased steadily over recent months. Nearly half a dozen bills have been introduced since January 2014 alone. Senate Intelligence Committee Chairman Dianne Feinstein (D-CA) and Vice Chairman Saxby Chambliss (R-GA) circulated another draft bill—The Cybersecurity and Information Sharing Act of 2014—last week. The recent uptick is no surprise in light of significant incidents of consumer data theft in the United States.

Like the proposed legislation before it, the draft Cybersecurity and Information Sharing Act is concerned with the theft of personal and financial information from company and government computer systems. In order to combat incidents of theft, the draft bill contains provisions that would allow for greater sharing of information among government and private sector entities. For example, the Secretary of Homeland Security would be required to timely share even classified information about cyber threats with cleared representatives of “appropriate entities.”

Private entities would also be able to constantly monitor their own systems, and those of other entities if given permission, to ferret out possible cyber threats. If a private company identifies a cyber threat, it could then engage in “countermeasures” to eliminate, prevent or minimize the threat. The draft bill does not elaborate on exactly what those “countermeasures” might include, but does contemplate that they will be executed on both private and government systems, as appropriate. In an attempt to alleviate previous concerns that data sharing would open companies up to litigation under the privacy laws, private entities engaged in monitoring and sharing information about cyber threats consistent with the proposed law would be exempt from suit. 

In a joint statement regarding the release of the draft bill, Feinstein and Chambliss indicated that they have circulated the draft to “relevant parties in the executive branch, private industry and the privacy community” for comment, and that once comments are received, the pair will “consider the final legislation.” Given the uncertain timeframe for the collection of comments and introduction of a formal bill, it is unlikely that the Senate will be able to reach an agreement on a comprehensive cybersecurity bill before the end of the year. Additionally, the legislative calendar is already crowded with other priority items such as the annual appropriations process and action on tax extender provisions. Further complicating matters is the approaching 2014 mid-term elections. Nonetheless, cybersecurity does remain a priority for Congress, and additional action could take place late this year, possibly during the lame duck session.



Written by:

Published In:

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Akin Gump Strauss Hauer & Feld LLP | Attorney Advertising

Don't miss a thing! Build a custom news brief:

Read fresh new writing on compliance, cybersecurity, Dodd-Frank, whistleblowers, social media, hiring & firing, patent reform, the NLRB, Obamacare, the SEC…

…or whatever matters the most to you. Follow authors, firms, and topics on JD Supra.

Create your news brief now - it's free and easy »

All the intelligence you need, in one easy email:

Great! Your first step to building an email digest of JD Supra authors and topics. Log in with LinkedIn so we can start sending your digest...

Sign up for your custom alerts now, using LinkedIn ›

* With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name.