After years of discussions, numerous draft bills and extended debates about the privacy and liability risks associated with information sharing, on December 18, 2015, President Obama signed into law the Cybersecurity Act of 2015 as part of the omnibus spending bill. Title I of the Act, Cybersecurity Information Sharing (CISA), establishes a framework for sharing and receiving cyber threat information among the private sector and federal government entities. It shields companies from liability for sharing cyber threat information in accordance with certain procedures, as well as for specific actions undertaken to defend or monitor corporate networks. Saxby Chambliss, DLA Piper partner and former U.S. Senator who served on the Senate Select Committee on Intelligence and sponsored an earlier cybersecurity bill, told the Cybersecurity Law Report that this Act “is going to be beneficial to both big and small companies. It is another tool in the toolbox that allows companies to protect their systems and the information that is on them.” However, Shahryar Shaghaghi, BDO Consulting’s managing director and technology advisory leader, cautioned that CISA will also pose “potential challenges” to companies in terms of the resources required to share cyber threat information and perceived privacy risk. See also “How the Legal Industry Is Sharing Information to Combat Cyber Threats
” (Sep. 16, 2015).