RÉSUMÉ DIGEST
ACT 187 (SB 46) 2019 Regular Session Peacock
New law creates the Louisiana Cybersecurity Information Sharing Act (Act).
Provides that the purpose of this Act is to provide a framework for sharing cybersecurity
information under Louisiana law that is consistent with federal law.
Requires that the phrases "cyber threat indicator" and "defensive measure information" have
the meaning ascribed to them in federal law (6 U.S.C. §1501 et seq.)
Provides that when sharing a cyber threat indicator or defensive measure information,
requires that each natural or juridical person or public or private entity receive the legal
protections and privileges conveyed by the federal Cybersecurity Information Sharing Act
of 2015 (6 U.S.C. §1501 et seq.) and as provided in new law.
Provides that the sharing a cyber threat indicator or defensive measure information does not
constitute a waiver of any applicable privilege or protection provided in the Louisiana Code
of Evidence.
Provides that the following entities are authorized, in addition to those entities identified in
federal law, to receive cyber threat indicators and defensive measure information through
electronic mail transmission:
(1)The Department of Justice, office of the attorney general, La. Bureau of Investigation.
(2)The Department of Public Safety and Corrections, office of state police, La. State
Analytical and Fusion Exchange.
(3)The Governor's Office of Homeland Security and Emergency Preparedness.
Provides that when a natural person or private or public entity is conveying a cyber threat
indicator or defensive measure information by electronic mail, the natural person or public
or private entity shall indicate this by populating "Cyber Threat Indicator" or "Cyber
Defensive Measure" in the subject line of the electronic mail.
Does not relieve a person or entity from requirements for compliance with the Database
Security Breach Notification Law, R. S. 51:3071 et seq., specifically including but not
limited to, the requirements involving protection of personal information and breach
disclosures in prior law.
New law provides that no state entity that receives cybersecurity information pursuant to new
law shall be subject to the reporting requirements of the federal Cybersecurity Information
Sharing Act of 2015.
Authorizes the office of state police to adopt necessary rules in accordance with the
Administrative Procedure Act to implement the provisions of new law provided the rules do
not conflict with the federal Cybersecurity Information Sharing Act of 2015.
Effective August 1, 2019.
(Adds R.S. 51:2101-2109)