On Thursday, April 23, the U.S. House of Representatives passed a second bill that will seek to combat the issue of data breaches by encouraging private companies to share information about their network security and cyberattacks with the federal government.
Companies that disclose this information to the government and follow the bill’s outlined procedures will be protected from liabilities and lawsuits, according to NewsFactor.com.
Until now, many private companies have been reluctant to share internal data about their network security for fear of being sued. This reluctance has made it difficult for the federal government to fight cyber-criminals that steal personal information from company databases.
The bill received strong bipartisan support, passing with a 355-63 vote. It will be merged with a similar cyber-security bill passed the day before and sent to the Senate for approval. The White House has voiced support for the bill, but also expressed concerns that such sweeping protection from liabilities could grant undue immunity to companies that fail to act on information regarding their network security.
“Liability mitigation has always been a driving force in prompting business to comply with security regulations,” said Michael Hladczuk, CEO of Integrated Technology Services. “This new bill seems to be another incentive to further that cause. Small business owners often have a difficult time in seeing the benefit of enhanced security. Perhaps this legislation will prompt them to action.”
The bill would require companies to remove personal information from their network security systems before sharing it in real time via a civilian portal, which will more than likely be handled by the Department of Homeland Security, InHomelandSecurity.com reported.
This provision — that no personal or private data be shared with the government — quells concerns voiced by privacy groups over similar efforts that employees’ personal information would unknowingly be sent to the National Security Agency (NSA). While the House bill allows the NSA to access this network security data, it only allows the agency to do so after personal details have been removed.