President Obama Issues Executive Order Urging Industry to Share Cybersecurity Information

Published On February 18, 2015 | By Anna Hsia | Data Security, General
TwitterLinkedInFacebookRedditCopy LinkEmailPrint

We previously blogged about President Obama’s increased focus on privacy and data security issues. Consistent with that focus, on February 13, 2015, President Obama issued an Executive Order entitled, “Promoting Private Sector Cybersecurity Information Sharing.”

The Order urges companies to develop and join “Information Sharing and Analysis Organizations” (“ISAOs”), where members can share information related to cybersecurity risks and incidents to better prevent cyber threats. ISAO membership may be based on any affinity, including industry sector, or as a response to particular cyber threats or vulnerabilities. ISAOs may include public or private sector members, and they may be formed as for-profit or nonprofit entities. Significantly, the Order contemplated situations where the federal government may grant ISAOs security clearance so that the federal government may share classified information with the ISAOs. Recognizing the privacy implications, the Order also called for information sharing to be conducted pursuant to appropriate protections for privacy and civil liberties.

Companies in most industries have balked at sharing this type of data. Among other things, companies have historically been concerned that sharing such data will expose the company to legal liability, and they have called for safe harbor from liability. Though the Order did not grant this safe harbor, it incentivizes companies by granting companies potential access to critical classified information that could be used to thwart cyber attacks. Without the safe harbor, however, it remains to be seen whether the industry will be willing to share cyber threat data, and whether the sharing of that data will lead to civil actions and other legal liability.

Photo from from Flickr
Photo cropped from original 

About The Author

Anna Hsia maintains a diverse practice litigating complex business disputes and counseling clients on privacy issues. With broad litigation experience in unfair competition, false advertising, class actions, and other complex litigation, Anna guides clients through disputes in federal and state courts. As a Certified Information Privacy Professional, Anna has assisted clients with product development and compliance with privacy regulations such as the TCPA, HIPAA, COPPA, state-specific privacy regulations, the Gramm-Leach-Bliley Act, and the Fair Credit Reporting Act.