Privacy & Information Security Law Blog

On April 16, 2013, the Office of the President issued a Statement of Administration Policy that includes a threat to veto the U.S. House of Representatives’ Cyber Intelligence Sharing and Protection Act (“CISPA” or H.R. 624) if further changes are not made to the bill’s privacy protections. Specifically, the Obama Administration recommends that the bill require private entities to remove personal information when sharing cybersecurity information with the government or other private entities.

The House Intelligence Committee approved H.R. 624 on April 10, 2013. According to the Obama Administration, however, senior advisors will recommend that the President veto the bill unless private entities are required to scrub irrelevant personal information before sending cybersecurity data to the government or other private sector entities. The Administration expressed confidence that such protective measures can be developed in a manner that is not overly onerous to businesses sharing the information.

A U.S. Chamber of Commerce coalition has stated in a letter sent on April 10, 2013 to House Intelligence Committee Chairman Mike Rogers (R-MI) and Ranking Member Dutch Ruppersberger (D-MD) that an amendment to CISPA requiring businesses to scrub irrelevant personal information is unnecessary and would defeat the purpose of the bill. The coalition noted that CISPA’s aim is to encourage the sharing of cyber threat information between private entities and the government. Requiring companies to remove personal information from the data, however, would be costly and time-consuming. As a result, the coalition believes that small and mid-size businesses that lack the resources to scrub data would be less inclined to share information. The process of removing personal information also would delay the data sharing process and would hinder the goal of sharing cyber threat information in real time. The full House of Representatives is expected to debate the bill beginning April 17, 2013.