Following a series of hacks and data leaks at US telecom companies, the Federal Communications Commission has proposed today a series of changes to it

FCC proposes stricter data breach reporting rules

submited by
Style Pass
2022-01-14 17:30:03

Following a series of hacks and data leaks at US telecom companies, the Federal Communications Commission has proposed today a series of changes to its data breach notification requirements.

FCC Chairwoman Jessica Rosenworcel, who published the proposed rules earlier today, said that the agency needs to update its existing reporting rules to “fully reflect the evolving nature of data breaches and the real-time threat they pose to affected consumers,” which often learn of breaches long after they have occurred.

frequency, sophistication, and scale of these data leaks, and the consequences that can last years after an exposure of personal information,” Rosenworcel said.

To achieve this, the FCC believes that by eliminating a seven-business-day waiting period that is granted to telecom companies before notifying customers of a breach is a good step to start. The direct consequence of removing this current waiting period will be that telecom companies can notify customers of a breach as soon as it happens—if they are in a capability of doing so and haven’t been told by a law enforcement agency to wait until an investigation has been completed.

In addition, the FCC wants telecoms to be required to notify customers of inadvertent data leaks as well, and not only situations where a malicious and intentional act was involved. This means telecoms will have to notify customers of situations where they accidentally left personal data exposed online on unsecured servers, something that not all providers currently do.

Leave a Comment