This bill seeks to improve national cyber security by creating new procedures for private sector companies to share information with the government — without the fear of being sued.
First, the bill would set up a system where the government can share classified information with non-government affiliated parties (private sector organizations), and where those non-government parties can share their information with the government. The government would be able to use the information gathered for cases against both cyber and physical crimes.
All of this information would be monitored and managed by a new organization called the Cyber Threat Intelligence Integration Center (CTIIC). This entity would report to the Director of National Intelligence.
This bill would make sharing easier through a series of liability protections. Participating organizations would be protected from lawsuits by people who want compensation for having their information shared. If you wanted to sue FourSquare because it shared your check-in location with the Feds in a case against you, well, tough.
At the same time, it also comes with a number of elements aimed at protecting privacy. It specifically bans spying or collecting personal information on an individual. Under the bill, when organizations acquired information, they would have to analyze it to determine if it has a person’s private information and, if it does, remove those parts from their collection. The Attorney General himself has to vet it for privacy issues. The bill also comes with a whistleblower protection.