CISA, which passed by a vote of 74-21, grants legal immunity to private companies who share cyber threat information with the Department of Homeland Security. The House passed two versions of the law earlier this year, but privacy advocates had been pressing for the Senate to either reject the bill entirely or pass amendments tightening controls over personally identifiable information that might get swept up and sent to the government.
One Senator has senator called it a “surveillance bill”.
CISA, the Cybersecurity Information Sharing Act (S. 754), will allow private companies to share cyber-threat data with the federal government, including personal user data, in an effort to prevent cyber attacks, such as those on the scale of Target, Home Depot, and Sony. Companies that share data with federal agencies, including the National Security Agency (NSA), will be given legal and liability protections from lawsuits relating to data sharing.