US telecommunications regulators are proposing enhanced breach notification requirements for incidents of customer information compromise.
The FCC has announced that it will begin a “procedure” to update its rules in line with infringement notification laws covering other sectors at the federal and state levels.
Specifically, we aim to eliminate the current 7 business day mandatory waiting period to notify customers of violations. Regulators also want to ensure that carriers notify customers of “inadvertent” violations and notify not only the FCC but also the FBI and the U.S. Secret Service of all reportable violations. .
FCC Chairman Jessica Rosenworcel said, “The law requires carriers to protect sensitive consumer information, but given the increasing frequency, sophistication and scale of data breaches, Regulations need to be updated to protect and strengthen reporting requirements.
“This new procedure provides a much-needed freshness to data breach reporting rules to better protect consumers, enhance security, and mitigate the impact of future breaches.”
The proposed rulemaking notice was unanimously adopted by the Commission. The next step is to gather more information on this issue and open up industry comments on the proposal.
The FCC wants to hear from interested parties whether certain categories of information should be included in infringement notifications to make them more helpful to affected customers.
Such regulatory efforts can take time. The FCC first proposed the change almost a year ago.
However, the 15-year-old telco breach reporting rules now certainly need to be updated, as telecom players continue to be prime targets for threat actors.
Last year, T-Mobile agreed to pay $350 million to settle class action claims related to a 2021 cyberattack that affected an estimated 80 million U.S. residents. .
