The House has approved the Cyber Intelligence Sharing and Protection Act (CISPA, H.R. 624). CISPA allows private companies and the federal government to exchange information relating to cybersecurity threats.

The bill was passed in the face of some concerns that it might provide private consumer information to the government. According to Reuters, President Obama has threatened to veto the bill on the basis that it supposedly does not mandate that companies take the greatest efforts to remove personal information before providing it to the government.

CISPA specifically states that it would amend the National Security Act of 1947 by adding a new section titled "Cyber Threat Intelligence and Information Sharing."

That section provides that the Director of National Intelligence is to establish procedures to allow elements of the intelligence community to share cyber threat intelligence with private entities and utilities.

As such, classified cyber threat intelligence may only be shared by an element of the intelligence community with a certified entity, a person with appropriate security clearance, and shared consistent with the need to protect the national security of the United States.

Cyber threat information is to be shared only pursuant to restrictions placed on the information by the protected entity authorizing such sharing, and may not be used to gain any unfair competitive advantage to the detriment of a protected entity authorizing the information-sharing.

Information shared is to be exempt from disclosure under the Freedom of Information Act. Furthermore, there is to be no civil or criminal liability based on a protected entity sharing cyber threat information in good faith.

Shared cyber threat information may be used by the federal government for cybersecurity purposes, for the investigation and prosecution of cybersecurity crimes, for the protection of individuals from danger of death or serious bodily harm, and for the protection of minors from child pornography, sexual exploitation and physical safety.

CISPA also provides that the Director of National Intelligence shall establish policies and procedures that, among other things, "minimize the impact on privacy and civil liberties" and "protect the confidentiality of cyber threat information associated with specific persons to the greatest extent practicable."

The devil always is in the details. And while the bill likely is positively motivated and calls for policies and procedures to be created protect privacy, civil liberties and confidentiality, it very well may be that such policies and procedures will need to be specifically outlined in advance before this type of legislation actually can become law.

Eric Sinrod is a partner in the San Francisco office of Duane Morris LLP, where he focuses on litigation matters of various types, including information technology and intellectual property disputes. You can read his professional biography here. To receive a weekly email link to Mr. Sinrod's columns, please email him at ejsinrod@duanemorris.com with Subscribe in the Subject line. This column is prepared and published for informational purposes only and should not be construed as legal advice. The views expressed in this column are those of the author and do not necessarily reflect the views of the author's law firm or its individual partners.

This article is for general information and does not include full legal analysis of the matters presented. It should not be construed or relied upon as legal advice or legal opinion on any specific facts or circumstances. The description of the results of any specific case or transaction contained herein does not mean or suggest that similar results can or could be obtained in any other matter. Each legal matter should be considered to be unique and subject to varying results. The invitation to contact the authors or attorneys in our firm is not a solicitation to provide professional services and should not be construed as a statement as to any availability to perform legal services in any jurisdiction in which such attorney is not permitted to practice.

Duane Morris LLP, a full-service law firm with more than 700 attorneys in 24 offices in the United States and internationally, offers innovative solutions to the legal and business challenges presented by today's evolving global markets. Duane Morris LLP, a full-service law firm with more than 700 attorneys in 24 offices in the United States and internationally, offers innovative solutions to the legal and business challenges presented by today's evolving global markets. The Duane Morris Institute provides training workshops for HR professionals, in-house counsel, benefits administrators and senior managers.