It seems the privacy and tech communities are thoroughly against CISA and are now asking President Obama to veto CISA because it is a horrible piece of legislation:
CISA will be of little help in preventing data breaches and information theft from occurring. For one, the real-time sharing of information that CISA calls for would result in an overwhelming amount of information. The Department of Homeland Security would be receiving a huge volume of data, most of which contains no presence of a cyber-threat. Actual threats would be drowned out by false alarms, making it harder to catch an attack.
At the same time, experts agree that information sharing is not the way to prevent massive data breaches. The numbers show that good cyber hygiene would prevent most attacks. According to the Verizon Data Breach Investigations Report, 90% of all incidents are caused by human error and 99.9% of attacks exploit vulnerabilities that have been public for over a year. Updating computer systems, securing endpoints, and raising awareness on cyber safety are all simple steps that would greatly reduce data breaches. The JP Morgan data breach occurred because a server was left unattended. The Home Depot hack exploited a vulnerability that the company had already been made aware of. The OPM breach occurred because the hackers obtained the log-in credentials of an OPM contractor.
Moreover, information sharing already takes place within the private sector. The larger companies share threat indicators, either directly with one another or through the Information Sharing and Analysis Centers that the government has already established. And as the OPM breach demonstrates, the government is not a secure custodian for personal data.