- The FCC proposes to update data breach reporting to address security breaches in the telecom industry.
- The FCC proposes eliminating the current seven business day mandatory waiting period for notifying customers of a breach.
- The Commission will look to better align its rules with recent developments in federal and state data breach laws.
The Federal Communications Commission is strengthening its rules with a proceeding, named FCC Proposes Updated Data Breach Reporting To Address Security Breaches in Telecom Industry, for notifying customers and federal law enforcement about breaches of customer proprietary network information. The commission aims to align its rules better with the recent developments in federal and state data breach laws covering other sectors.
Updated data breach reporting
The Notice of Proposed Rulemaking adopted by a unanimous vote of the full Commission will launch a formal proceeding to gather information on the issue. It will also take comments on rule changes proposed by the Commission.
FCC data breach rules are 15 years old. An update is way overdue. It starts now. https://t.co/Lzul0Fkfja
— Jessica Rosenworcel (@JRosenworcel) January 6, 2023
With the changes, the commission aims to better address telecommunications carriers’ breach notification requirements. With the proposal, the FCC also aims to eliminate the current seven business day mandatory waiting period for notifying customers of a breach. The FCC also proposed to clarify its rules to require consumer notification by carriers of inadvertent breaches. The rule changes will require notification of all reportable breaches to federal agencies, including the FCC, FBI, and U.S. Secret Service.
The commission is seeking comments about requiring customer breach notices to include specific categories of information to help ensure they contain actionable information useful to the consumer. It also proposes to change the commission’s telecommunications relay services data breach reporting rule. Jessica Rosenworcel, Chairwoman of FCC said,
« The law requires carriers to protect sensitive consumer information but, given the increase in frequency, sophistication, and scale of data leaks, we must update our rules to protect consumers and strengthen reporting requirements. This new proceeding will take a much-needed, fresh look at our data breach reporting rules to better protect consumers, increase security, and reduce the impact of future breaches. »