On Wednesday, April 22, 2015, the U.S. House of Representatives
passed the Protecting Cyber Networks Act ("PCNA"), which would give
companies certain liability protection against potential lawsuits when
sharing cyber threat data with United States government civilian
agencies (such as the Treasury or Commerce Departments). On Thursday,
April 23, 2015, the House then also passed a complementary measure from
the Homeland Security panel, the National Cybersecurity Protection
Advancement Act ("NCPAA"), which would extend liability protections to
companies only when giving data to the Department of Homeland Security.
Protecting Cyber Networks Act The PCNA
originated in the House Intelligence Committee in an effort to mitigate
the growing problem of cyber-attacks on U.S. networks and American
businesses, and passed in a 307-116 vote. The goal of the PCNA is to
increase the public-private flow of information concerning cyber
threats, and encourage companies to share information regarding
cyber-attacks.[1] Under the PCNA, affected companies would provide such
information to an agency other than the National Security Agency or the
Department of Defense.[2] Pursuant to the PCNA, the federal government
would be able to share cyber-attack information with state and local
governments, private entities, and non-federal government agencies,
among others.[3]
The bill has been met with opposition from privacy advocates, among
others, who are concerned it will provide a means by which companies and
government agencies could provide sensitive information to the National
Security Agency (NSA) and bolster its surveillance authority.[4] They
are concerned that the entity which receives the information might still
turn it over to the NSA, even though the act provides that information
will not be provided to the NSA.
National Cybersecurity Protection Advancement Act
The
NCPAA, which originated in the House Homeland Security Committee, was
passed by a vote of 355-63. The aim of the bill is to promote the
sharing of cyber-attack information between companies and with the
Department of Homeland Security by providing liability protections.[5]
One of the key differences in the bills is that the NCPAA only allows
information sharing with the Department of Homeland Security while the
PCNA provides companies the flexibility to choose to share cyber threat
indicators or defensive measures with a number of different government
agencies.
It appears that privacy advocates did not express the same concerns
about this bill, likely because it has certain limitations surrounding
information sharing. For example, under the NCPAA, there cannot be any
federal use of shared information to track individuals’ personally
identifiable information. The NCPAA also includes language that would
require the Department of Homeland Security to create and annually
review privacy and civil liberties policies and procedures governing the
"receipt, retention, use, and disclosure" of information shared with
the Department of Homeland Security’s National Cybersecurity and
Communications Integration Center in accordance with the bill.[6]
Senate Consideration and Potential Issues
The
bills were combined and sent to the Senate for consideration.[7]
However, passage in the Senate likely will not be automatic, because
privacy advocates, among others, continue to voice concerns over
provisions they believe are too broad. Some also believe that consumer
protection advocates will oppose the bill because they do not want
companies to have legal immunity for weak security practices solely
because they report incidents to the government. In an effort to
mitigate opposition to the liability shield, the drafters of the bills
attempted to more specifically define the protections companies would
have if they voluntarily share data with other companies and the federal
government.[8] This resulted in language that protects companies from
liability so long as they refrain from willful misconduct and make a
"good faith" effort to remove extraneous personal information and comply
with the bill.[9]
President Barack Obama recently commented that he supported the
passage of both House bills, but indicated changes are needed to address
issues concerning their "sweeping liability protections."[10]
ConclusionThe passage of the PCNA and NCPAA by
the House represent an important step in addressing increasing
cybersecurity problems facing the public and private sectors. While the
Senate will likely make further revisions to the legislation to address
continuing privacy concerns, if it becomes law it will provide
additional tools to help combat cyber-attacks.
This legislation is part of a renewed focus on privacy and data
protection in the United States that began with President Obama’s State
of the Union address in January. Congress is also currently considering
legislation relating to more uniform data breach notification laws.
Companies should pay close attention to these developments as the
country heads into the next election cycle.
Link Source
Terimakasih atas kunjungan Kamu Karena telah Mau membaca artikel House Passes Cyber Sharing Bills and Congress is Focusing on Data Protection. Tapi Kurang Lengkap Rasanya Jika Kunjunganmu di Blog ini Tanpa Meninggalkan Komentar, untuk Itu Silahkan Berikan Kritik dan saran Pada Kotak Komentar di bawah. Kamu boleh menyebarluaskan atau mengcopy artikel House Passes Cyber Sharing Bills and Congress is Focusing on Data Protection ini jika memang bermanfaat bagi kamu, tapi jangan lupa untuk mencantumkan link sumbernya. Pengunjung yang baik akan memberikan komentarnya di sini :p. Terima Kasih :)
- Copyright © Sharing All of The World - Date A Live - Powered by Blogger - Designed Editing by Sandra Utama Putra - and Supported by Dila Yolanda -
