View all text of Part D [§ 681 - § 681g]
§ 681e. Information shared with or provided to the Federal Government
(a) Disclosure, retention, and use
(1) Authorized activitiesInformation provided to the Agency pursuant to section 681b or 681c of this title may be disclosed to, retained by, and used by, consistent with otherwise applicable provisions of Federal law, any Federal agency or department, component, officer, employee, or agent of the Federal Government solely for—
(A) a cybersecurity purpose;
(B) the purpose of identifying—
(i) a cyber threat, including the source of the cyber threat; or
(ii) a security vulnerability;
(C) the purpose of responding to, or otherwise preventing or mitigating, a specific threat of death, a specific threat of serious bodily harm, or a specific threat of serious economic harm, including a terrorist act or use of a weapon of mass destruction;
(D) the purpose of responding to, investigating, prosecuting, or otherwise preventing or mitigating, a serious threat to a minor, including sexual exploitation and threats to physical safety; or
(E) the purpose of preventing, investigating, disrupting, or prosecuting an offense arising out of a cyber incident reported pursuant to section 681b or 681c of this title or any of the offenses listed in section 1504(d)(5)(A)(v) of this title.
(2) Agency actions after receipt
(A) Rapid, confidential sharing of cyber threat indicators
(B) Principles for sharing security vulnerabilities
(3) Privacy and civil liberties
(4) Digital security
(5) Prohibition on use of information in regulatory actions
(A) In general
(B) Clarification
(b) Protections for reporting entities and informationReports describing covered cyber incidents or ransom payments submitted to the Agency by entities in accordance with section 681b of this title, as well as voluntarily-submitted cyber incident reports submitted to the Agency pursuant to section 681c of this title, shall—
(1) be considered the commercial, financial, and proprietary information of the covered entity when so designated by the covered entity;
(2) be exempt from disclosure under section 552(b)(3) of title 5 (commonly known as the “Freedom of Information Act”), as well as any provision of State, Tribal, or local freedom of information law, open government law, open meetings law, open records law, sunshine law, or similar law requiring disclosure of information or records;
(3) be considered not to constitute a waiver of any applicable privilege or protection provided by law, including trade secret protection; and
(4) not be subject to a rule of any Federal agency or department or any judicial doctrine regarding ex parte communications with a decision-making official.
(c) Liability protections
(1) In general
(2) Scope
(3) Restrictions
(d) Sharing with non-Federal entities
(e) Stored Communications Act
(Pub. L. 107–296, title XXII, § 2245, as added Pub. L. 117–103, div. Y, § 103(a)(2), Mar. 15, 2022, 136 Stat. 1051.)