U.S. Congress Releases Compromise Bill on Cybersecurity Information Sharing

On December 16, 2015, leaders in the U.S. House of Representatives and Senate released a $1.1 trillion omnibus spending bill containing cybersecurity information sharing language based on a compromise between the Cybersecurity Information Sharing Act, which passed in the Senate in October, and two cybersecurity information sharing bills that passed in the House earlier this year. Specifically, the omnibus spending bill included Division N, the Cybersecurity Act of 2015 (the "Act").

Notably, the Act:

  • does not contain the Senate’s provision concerning critical infrastructure at greatest risk. The language required government-directed agencies to report to Congress on the status of cyber incident reporting and develop potential cyber mitigation strategies at critical infrastructure at greatest risk. Many industry advocates expressed concern that this language could be the precursor to cybersecurity regulations regarding certain critical infrastructure facilities;
  • adopts the “knows at the time of sharing” standard for removal of personal information from shared cybersecurity information, as opposed to the higher “reasonably believes at the time of sharing” or “removes to the extent possible” standards;
  • directs that cybersecurity information be shared with the Federal government through a Department of Homeland Security (“DHS”) Portal, but allows the President to designate other portals (including, potentially, the Federal Bureau of Investigation) to also receive shared cybersecurity information;
  • provides liability protection for private entities that share cybersecurity information through the DHS portal, as well as through the presidentially designated portals;
  • exempts shared cybersecurity information from Freedom of Information Act (“FOIA”) disclosure under existing FOIA exemptions; and
  • adopts the Senate’s longer 10-year sunset.

The House is scheduled to vote on the omnibus spending bill on Friday, with the Senate to follow. The Obama Administration has already signaled that it supports the bill.

Update: On December 18, 2015, President Obama signed into law the omnibus spending bill, which includes the Cybersecurity Act of 2015.
