Adam Golodner Weighs in on Government Efforts to Boost Corporate Cybersecurity in Global Investigations Review

Global Investigations Review reports that the Department of Justice (DoJ) recently published a white paper providing the DOJ's views about whether the Stored Communications Act (18 U.S.C. 2701) (SCA) restricts network operators from voluntarily sharing aggregate data with the government that would promote the protection of information systems. The United States Government (USG) and industry generally have the view that increased cyber threat information sharing can help protect networks and information, and the USG is trying to be responsive to concerns that current law creates barriers to effective information sharing. To further address the issue of barriers, the DOJ issued this white paper on the SCA, following last month’s issued policy guidance on the application of the Antitrust laws to information sharing of cyber threat information. As a general matter, the SCA prohibits network operators from sharing information that could be considered private, customer-specific information. In the white paper, the DOJ shared its view that it does "not believe that the SCA prohibits a network provider from sharing aggregated non-content data with governmental entities, as long as that aggregated data does not reveal information about a particular customer or subscriber." The determination of whether cyber data is really aggregated and anonymous, and can't be tied to a particular individual is a very fact specific analysis, and as the DOJ said, entities considering non-content disclosures should seek their own legal counsel.

In discussing the decision of DOJ to issue the white paper, and why governments and industry now care so much about cybersecurity and cyber information sharing globally, Kaye Scholer Partner Adam Golodner, Leader of the firm’s Global Cybersecurity & Privacy Group, said he believes that the White Paper is part of a government-wide plan to strengthen corporate cybersecurity, noting, “The white paper is a step forward in addressing perceived barriers to cybersecurity information sharing.”

According to Golodner, “US companies increasingly consider cybersecurity and the threat of enforcement action stemming from data breaches as a major concern.” He added, “Company boards are now focusing on cybersecurity threats as a core risk, in a way we have never seen before. When they see reports about huge breaches on the front pages of newspapers and headlined in the evening news, they start to pay attention.”