The bill does not require companies to scrub personal data from the information they share with government agencies, instead requiring the agencies to minimize the personal information after they receive the data. But if companies share cyberthreat information with each other, there are no protections for personal data, said Representative Adam Schiff, a California Democrat.
The bill gives private companies "broad immunity without any responsibility" to protect personal information, he said. Although sponsors pointed to support from a number of tech companies and trade groups, that "doesn't mean it's good policy," he added.
Sign up for CIO Asia eNewsletters.