No matter how small the amount of private data may be, the ACLU says any data sharing from private companies to the government is too much.
"CISPA does not require companies to make reasonable efforts to protect their customers' privacy and then allows the government to use that data for [undefined purposes]," said ACLU legislative counsel Michelle Richardson in a statement.
"We brought privacy groups like the ACLU to the table, and they said the bill was too broad," said Ruppersberger. "I was disappointed that they did not even talk about some of the things we did do [to address privacy]."
But Ruppersberger argued that the information shared between companies and the government under CISPA would be completely anonymous.
"When we are sharing information it's always formulas, not personal information because that's against the law and we would need a court order to get that information," said Ruppersberger, referring to IP addresses being shared over credit card numbers.
Some technology experts say trusting the government to keep information anonymous is not enough to ensure successful collaboration between the government and businesses.
"It's not enough to say 'we aren't going to violate your privacy'," said Bloomberg government tech analyst Mike Nelson. "There's clearly a need for more incentives to align the needs of citizens and the needs of business."
Nelson believes that under CISPA's current provisions, businesses would be hesitant to share customers' information with the government anyway, no matter how much of the data is anonymous.
He also voiced concern about people thinking the executive order and CISPA would cover all cyber security problems. Passing a bill is one thing, but hitting the ground running without enough trained professionals and implemented technologies is another.
"I worry a little bit that we are putting way too much attention on just one bill," he said. "If we implement the executive order and the bill, [people may think] 90 percent of the work is done, that's not the case."