PRATT’S PRIVACY & CYBERSECURITY LAW REPORT may suggest that companies are not especially concerned about potential liability arising from such sharing.23 Indeed, the Act’s antitrust liability protections probably are little more than a legislative formality, as the Department of Justice and Federal Trade Commission’s joint Antitrust Policy Statement on Sharing of Cybersecurity Information made clear that the antitrust enforcement agencies ‘‘do not believe that antitrust is—or should be—a roadblock to legitimate cybersecurity information sharing’’ and provided guidelines on sharing such information without running afoul of the antitrust laws. The Act’s protection from liability for private entities when sharing cyber threat indicators or defensive measures with the federal government likely was unnecessary as well, as privacy experts and technologists have long argued that such indicators typically do not contain private data and are already being shared with the federal government in the case of a cyber attack.24 Although a limited measure, the Cybersecurity Act of 2015 should facilitate increased information sharing among private sector entities and between the private sector and the federal government, which will at least marginally improve the nation’s cybersecurity. And while the Act provides for liability protection, private actors looking to share cyber threat indicators or other cyber-related information with each other or with the government should continue to consult counsel, especially when assessing how the Act’s provisions interact with other federal and state laws and regulations regarding access to and use of proprietary or personally identifiable information.25 23 See Steven Norton, Facebook Says More Than 90 Companies Using Cybersecurity Information Sharing Platform, CIO Journal (Aug. 21, 2015, 6:16 PM), http://blogs.wsj.com/cio/2015/08/21/facebook-saysmore-than-90-companies-using-cybersecurity-information-sharing-platform/. 24 See, e.g., Letter from Technologists to Sens.

Richard Burr & Diane Feinstein & Reps. Adam Schiff, Devin Nunes, & Michael McCaul (Apr. 16, 2015), available at http://cyberlaw.stanford.edu/files/blogs/ technologists_info_sharing_bills_letter_w_exhibit.pdf. 25 See, e.g., Jennifer Granick, OmniCISA Pits DHS Against the FCC and FTC on User Privacy, Just Security (Dec.

16, 2015, 6:09 PM), https://www.justsecurity.org/28386/omnicisa-pits-governmentagainst-self-privacy/. 96 .