In Articles

On December 18, the President signed into law H.R. 2029, the Consolidated Appropriations Act Of 2016, (the “Act”), the 887 page bill which avoided a closure of federal government functions.  Beyond the massive funding of the federal budget, the legislation contains a few surprises.

First, and foremost, is the suspension or postponement of the implementation of funding sources for the Affordable Care Act (the “ACA”, colloquially, “Obamacare”).  Division P of the Act’s “Tax Related Provisions” postpones the imposition of the so-called “Cadillac tax”, the tax on “high-cost” health insurance plans; suspends for two years, until 2019, the 2.3 percent excise tax on medical devices that started in 2013; and places a moratorium on health insurer fees. The Act also removes the “health insurer fees” from the “non-deductible tax” list within the Internal Revenue Code.  All of the foregoing were to contribute a significant source of revenue toward funding the ACA.  (The “Cadillac tax” is assessed on health-insurance premiums over the limit of $10,200 for individuals or $27,500 for families.)  In the case of the moratorium on health insurer fees, however, the popular consensus is that the fee is basically passed on to subscribers so that the impact on funding the ACA is negligible.

Secondly, Division N of the Act contains the controversial “Cybersecurity Act of 2015” (“CSA”).  The CSA requires the Director of National Intelligence and the Departments of Homeland Security (DHS), Defense, and Justice to develop procedures to share cybersecurity threat information with private entities, nonfederal government agencies, state, tribal, and local governments, the public, and entities under “threats”.  It provides that private entities may monitor and operate “defensive measures” on: (1) their own information systems; and (2) with written consent, the information systems of other private or government entities.  Liability protections are provided to entities that voluntarily share and receive “cyber threat indicators and defensive measures” with other entities or the government as those are defined in the CSA.  The CSA, particularly in its earlier Congressional iterations, was opposed by privacy advocates and those in the tech industry as intrusive, the belief being that private information would wind up in the hands of the government in spite of laws that limit private information’s dissemination.  Lawmakers contended the CSA was important to prevent data breaches such as those that have taken place in the recent past.

PK Law’s Insurance Defense and Litigation Defense attorneys can assist with the defense of cybersecurity breach litigation matters.  To contact a PK Law Attorney or to schedule an appointment contact


This information is provided for general information only.  None of the information provided herein should be construed as providing legal advice or a separate attorney client relationship. Applicability of the legal principles discussed may differ substantially in individual situations. You should not act upon the information presented herein without consulting an attorney of your choice about your particular situation. While PK Law has taken reasonable efforts to insure the accuracy of this material, the accuracy cannot be guaranteed and PK Law makes no warranties or representations as to its accuracy.