The Administration strongly supports Senate passage of S. 3414,
the Cybersecurity Act of 2012. While lacking some of the key
provisions of earlier bills, the revised legislation will provide
important tools to strengthen the Nation's response to
cybersecurity risks. The legislation also reflects many of the
priorities included in the Administration's legislative
The Administration particularly appreciates the bill's
strong protections for privacy and civil liberties and would not
support amendments that weaken these protections. The
Administration agrees that it is essential that the collection,
use, and disclosure of such information remain closely tied to the
purposes of detecting and mitigating cybersecurity threats, while
still allowing law enforcement to investigate and prosecute serious
crimes. All entities – public and private –
must be accountable for how they handle such data. The bill should
take care not to duplicate existing domestic or international law
enforcement frameworks. The bill also must protect the
confidentiality of statistical data and honor the statutory
confidentiality pledges made to respondents. The Administration is
confident that S. 3414 can improve the Nation's cybersecurity
while protecting the privacy, confidentiality, and civil liberties
that are central to American values.
The revised bill contains critical-infrastructure protection
measures that are less robust than in earlier drafts, but would
still produce meaningful cybersecurity improvements. However, the
Administration would not support amendments that would weaken the
critical infrastructure protection measures in the legislation,
including: (1) reducing the Federal Government's existing roles
and responsibilities in coordinating and endorsing the
outcome-based cybersecurity practices; (2) weakening the statutory
authorities of the Department of Homeland Security to accomplish
its critical infrastructure protection mission; or (3)
substantially expanding the narrowly-tailored liability protections
for private sector entities. While liability limitations are
necessary to encourage information sharing, overly broad immunities
from legal obligations would undermine the very trust that the bill
seeks to strengthen.
S. 3414 would create an interagency National Cybersecurity
Council to coordinate the identification of voluntary cybersecurity
practices for critical cyber infrastructure. As currently drafted,
the structure of the National Cybersecurity Council raises
constitutional concerns and should be amended to employ an
administrative structure similar to that of other recently
established councils. Further, the bill contains provisions
purporting to prescribe the Executive branch's responsibilities
in coordinating with foreign governments and conducting diplomatic
negotiations. These provisions should be clarified so as to
maintain the President's exclusive constitutional authority to
conduct diplomacy. The Administration also believes that to ensure
consistency with existing law, processes, and Presidential
directives, certain provisions must be addressed in the final bill
regarding the protection of intelligence sources and methods, as
well as information sharing and policy coordination.
The Administration looks forward to working with the Congress to
ensure that cybersecurity legislation is sufficiently comprehensive
to address the growing cyber threats facing the Nation.
To view Foley Hoag's Security, Privacy and The Law
Blog please click
The content of this article is intended to provide a general
guide to the subject matter. Specialist advice should be sought
about your specific circumstances.
To print this article, all you need is to be registered on Mondaq.com.
Click to Login as an existing user or Register so you can print this article.
The 2010 theft of an unencrypted laptop containing confidential health care information made front-page news in 2013, not because a huge number of patients were affected, but for the exact opposite reason.
Any company that collects personal data from consumers should take proactive steps to have appropriate legal counsel review its data security practices, as well as its terms of service or privacy practices, to identify any potential problem areas.
The U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) published on its website a series of factsheets designed to educate consumers unfamiliar with their rights under the Health Insurance Portability and Accountability Act’s (HIPAA) Privacy and Security Rules.