House Passes the National Cybersecurity Protection Advancement Act


Following Wednesday’s approval of the Protecting Cyber Networks Act (H.R.1560) (“PCNA”), the House of Representatives passed the National Cybersecurity Protection Advancement Act (H.R. 1731) (“NCPAA”) on Thursday, a move which was view by the technology, telecommunications, and infrastructure companies as a critical compliment to the PCNA.

The NCPAA grants companies protection against liability for sharing data with the Department of Homeland Security (“DHS”) by amending the Homeland Security Act of 2002 to encourage voluntary information sharing about cyber threats, with liability protections, between and among the private sector and Federal government. Without these liability protections, companies sharing data pursuant to the PCNA could expose themselves to class actions or increased regulatory enforcement actions. Responding to privacy concerns, the NCPPA also includes numerous provisions to ensure the protection of the privacy of American citizens and ensure that shared cyber threat information is solely used for cybersecurity purposes.

Specifically, the NCPAA allows the DHS’s national cybersecurity and communications integration center (“NCCIC”) to include tribal governments, information sharing and analysis centers, and private entities among its non-federal representatives. The Act also expands the NCCIC’s functions to include global cybersecurity with international partners; requires federal and non-federal entities to take reasonable efforts to remove and safeguard information that can be used to identify specific persons and that is unrelated to cybersecurity risks or incidents prior to sharing; prohibits federal entities from using shared indicators or defense measures to engage in surveillance or other collection activities for the purpose of tracking an individual’s personally identifiable information and bars the usage of such information for regulatory purposes; establishes a private cause of action for a person to bring against the federal government if a federal agency intentionally or willfully violates restrictions on the use and protection of voluntarily shared indicators or defense measures; and exempts from antitrust laws non-federal entities that, for cybersecurity purposes, share certain indicators, measures or assistance in accordance with the NCPAA.

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Polsinelli | Attorney Advertising

Written by:


Polsinelli on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide

This website uses cookies to improve user experience, track anonymous site usage, store authorization tokens and permit sharing on social media networks. By continuing to browse this website you accept the use of cookies. Click here to read more about how we use cookies.