The U.S. Federal Communications Commission (FCC) has proposed updating its rules requiring telecommunications operators to notify customers and law enforcement of breaches of confidential consumer information.
The proposed rule changes were detailed in a Notice of Proposed Rulemaking issued by the Commission in early January. In brief, the proposed changes would eliminate the current seven business day mandatory waiting period to issue notifications of a breach, and would also require notification of all reportable breaches to the FCC, the Federal Bureau of Investigation (FBI), and the U.S. Secret Service.
The Commission also seeks to expand the definition of “breach” to include any inadvertent access, use, or disclosure of customer information. This change would help to protect customers not just from malicious breaches by third parties but also from accidental access, use, or disclosures.
If adopted, the proposed changes would dramatically overhaul Commission rules first enacted in 2007. The Commission acknowledged in its Notice that the threat landscape facing telecommunications operators has changed dramatically over the past 15 years and that its proposed changes are necessary to keep pace with emerging challenges to data security.