The Homeland Security bill passed by the House of Representatives on Wednesday -- appears to apply to law firms.
That’s according to Jeroen Plink, managing director of the global cybersecurity consulting firm Glasswall Solutions and former U.S. chief executive officer of the Practical Law Co, who looked at the text of the bill on Wednesday morning.
But Plink said he expected law firms would be able to share information on detected malware. “Most things are too sensitive,” including all information protected by attorney-client privilege, he said in a telephone interview.
The House passed theNational Cybersecurity Protection Advancement Act (H.R. 1731) on Wednesday, which encourages companies to share information on cyberthreats with other companies and/or the Department of Homeland Security, by providing the companies with liability protection. Any data sharing would be voluntary.
The liability waiver provision seeks to address concerns that U.S. companies face liability risks, such as shareholder or customer lawsuits, when they voluntarily disclose cybersecurity-related information.
The bill would require that cyberthreat data be scrubbed twice to strip out personally identifying information — once by the company and once by DHS. Nonetheless, Plink said law firms will be “very, very careful” when deciding whether to share any cyberthreat data.
The Senate Intelligence Committee passed a similar measure, which is expected to receive a full vote this Spring.