It's about time: House of Representatives passes cybersecurity legislation
Posted on 04/24/2015 at 12:30 PM by John Lande
On April 22, 2015, the United States House of Representatives passed the Protecting Cyber Networks Act (PCNA). If PCNA is enacted, it will become the first piece of comprehensive federal legislation to address cybersecurity. The House's action comes after several high profile data breaches, previously covered by this blog. The legislation requires the federal government to share information about cybersecurity threats with private entities, and encourages private entities to share information with each other about possible cyber threats. The law continues the policy of preventing private U.S. entities from using offensive cyber tools to preemptively attack cyber thieves, or to retaliate after a breach. The House bill also ensures that companies will not be liable for failing to act on the basis of information shared with them:
SHARING OR RECEIPT OF CYBER THREAT INDICATORS. No cause of action shall lie or be maintained in any court against any non-Federal entity, and such action shall be promptly dismissed, for the sharing or receipt of a cyber threat indicator or defensive measure under section 3(c), or a good faith failure to act based on such sharing or receipt, if such sharing or receipt is conducted in good faith in accordance with this Act and the amendments made by this Act.
(emphasis added). This provision is important for banks because it could remove a potential avenue of recovery in the event a bank's customer is the victim of cyber theft. As this blog has previously covered, banks can in some circumstances shift liability for large corporate losses back to the corporate entity if that corporate entity was the reason the cyber thieves were successful. Under PCNA, a corporate entity that received information about a cyber threat, but failed to act on that tip, may be able to avoid liability to the bank. There is still a long road ahead for the PCNA before it becomes law. While similar legislation is pending in the United States Senate, President Obama has been reluctant to support this legislation in the past. That may change, however, if a bipartisan bill comes out of Congress. Banks and this blog will have to pay close attention to whether new rules affect their rights. The material in this blog is not intended, nor should it be construed or relied upon, as legal advice. Please consult with an attorney if specific legal information is needed.
Categories: Cybersecurity Law, John Lande, Banking Law
Questions, Contact us today.
The material, whether written or oral (including videos) that is posted on the various blogs of Dickinson Bradshaw is not intended, nor should it be construed or relied upon, as legal advice. The opinions expressed in the various blog posting are those of the individual author, they may not reflect the opinions of the firm. Your use of the Dickinson Bradshaw blog postings does NOT create an attorney-client relationship between you and Dickinson, Bradshaw, Fowler & Hagen, P.C. or any of its attorneys. If specific legal information is needed, please retain and consult with an attorney of your own selection.