You may recall the Act's principal objective is to create a space that encourages cybersecurity data sharing between and among businesses and governments in furtherance of timely action against cybersecurity threats.
The guidance paper - it is configured in four (4) sections) - is intended to assist interpretation and provides a template to
frame
lawful process and action.
T
he chapter on
Privacy and Civil Liberties might be of heightened interest to this WG
. Even as it enables federal entities to'receive, retain, use and disseminate' PII as part of the corpus of cyber threat indicators, purpose specification, data minimization and use limitation are also delineated.
See the entire document here: