Department of Homeland Security and DOJ Issue Interim Privacy and Civil Liberties Guidelines | Practical Law

Department of Homeland Security and DOJ Issue Interim Privacy and Civil Liberties Guidelines | Practical Law

The Department of Homeland Security (DHS) and DOJ have issued interim guidelines governing federal entities' receipt, retention, use, and dissemination of cyber threat indicators under the Cybersecurity Information Sharing Act of 2015.

Department of Homeland Security and DOJ Issue Interim Privacy and Civil Liberties Guidelines

by Practical Law Intellectual Property & Technology
Published on 19 Feb 2016USA (National/Federal)
The Department of Homeland Security (DHS) and DOJ have issued interim guidelines governing federal entities' receipt, retention, use, and dissemination of cyber threat indicators under the Cybersecurity Information Sharing Act of 2015.
On February 16, 2016, the Department of Homeland Security (DHS) and DOJ issued privacy and civil liberties interim guidelines regarding cyber threat indicators obtained by federal entities in connection with activities authorized in the Cybersecurity Information Sharing Act of 2015 (CISA). The guidelines also detail how CISA's Fair Information Practice Principles (FIPPs) shape the guidelines.
The guidelines address:
  • The receipt, retention, use, and dissemination of cyber threat indicators.
  • CISA requirements relating to receipt, retention, use, and dissemination of personal information applicable to defensive measures, as defined in the guidelines.
  • Procedures for notifying federal entities and non-federal entities that have received an improper cyber threat indicator or defensive measure.
  • Requirements for how to safeguard personal information.
  • Sanctions for failure to abide by the usage requirements in the guidelines.
  • Internal audits of CISA compliance in the form of detailed bi-annual reports.
The guidelines also note that the DHS and DOJ will periodically review and update the guidelines, as appropriate.