Peter Carey and Keith M. Gerver of Cadwalader, Wickersham & Taft LLP, write:
When President Obama signed into law the Cybersecurity Act of 2015, which was designed to facilitate information sharing on cybersecurity threats between the public and private sectors, proponents hailed it as “our best chance yet to help address this economic and national security priority in a meaningful way.”1 Others – including some of the biggest players in the technology industry – decried it as “a thinly disguised surveillance provision,” and something to be avoided pending further information on how it would be implemented. Interim guidance issued earlier this year by the Office of the Director of National Intelligence, the Department of Homeland Security, the Department of Defense, and the Department of Justice, lacked many of the details that industry insiders were waiting for.2 Now, with final guidance having been issued (the “Final Guidance”), in-house counsel have more insight into the potential risks and rewards that await companies who opt to participate in the information sharing program, and can advise management and their boards of directors accordingly.3
Read their article on National Law Review.
Distressing to me that “…participation with DHS… may bring a degree of goodwill that outweighs the potential liabilities,” is a consideration in a nation of laws. Sounds more like something you’d do in an authoritarian regime. #bigbrother