Rep. Adam Schiff, D-Calif., had tried to amend the bill to require companies to strip any data of personally identifiable information before sharing it with the government. But Republicans blocked his proposal from being debated on the floor because they said tough mandates might deter companies from participating.
Business groups say the privacy concern is overblown.
"When it comes to sharing, there are practical, business reasons why companies carefully protect" sensitive information, Tim Molino with the Business Software Alliance recently wrote in an online post urging lawmakers to pass the bill.
"At the end of the day, personal information is customer information, and maintaining trust with customers is a core business imperative," Molino added.
Privacy groups also objected to the bill because they said it would give the National Security Agency a front-row seat in analyzing data from private computer networks. The bill doesn't address the NSA's role specifically, but it's presumed that the military intelligence agency would have a central role in the data-sharing program because of its technical expertise in tracking foreign-based hackers.
Democratic Rep. Jan Schakowsky of Illinois had tried to amend the bill to prohibit the military from collecting threat data directly from industry. But that proposal also was blocked from floor debate amid GOP objections. Still facing a veto threat, Rep. Michael McCaul, R-Texas, worked with Democrats on a measure that would ensure that companies go first through the Department of Homeland Security. While that proposal was adopted, the American Civil Liberties Group and others still were not satisfied.
"Cybersecurity can be done without sacrificing Americans' privacy online," Michelle Richardson, an ACLU legislative counsel, said after the vote.
Sen. Jay Rockefeller, D-W.Va., chairman of the Senate Commerce Committee, is expected to take the lead on cybersecurity proposals that would likely address the issue of information sharing but also take up other issues including ways to improve research and development.
In a statement after the vote, Rockefeller said the House action was important, "even if CISPA's privacy protections are insufficient." He said he would work with Sen. John Thune, R-S.D., on bills covering various aspects of cybersecurity. "There is too much at stake," he said, "for Congress to fail to act."