The U.S. Federal Communications Commission (FCC) is preparing to strengthen rules applicable to the reporting of breaches of certain customer information collected and maintained by telecommunications providers.
According to a press release, FCC Chair Jessica Rosenworcel has shared with the Commission the text of a Notice of Proposed Rulemaking (NPRM) that would include several updates and modifications to the Commission’s existing requirements on telecommunications carriers’ breach notification requirements. The changes proposed in the NPRM include:
- Eliminating the mandatory seven business day waiting period for carriers to notify customers of a data breach;
- Requiring consumer notifications of inadvertent breaches; and
- Notifying the Commission as well as the FBI and the U.S. Secret Service of all reportable breaches.
“These rules need updating to fully reflect the evolving nature of data breaches and the real-time threat they pose to affected consumers,” noted Rosenworcel. “Customers deserve to be protected against the increase in frequency, sophistication, and scale of these data leaks, and the consequences that can last years after an exposure of personal information.”