The Federal Communications Commission is seeking to update its rules on how quickly telecommunication carriers notify customers after information breaches.
According to Cyberscoop, the new rule would eliminate the current seven-day waiting period for carriers to notify customers of a breach and require all breaches to be reported to the FCC, FBI and US Secret Service.
Instead of this, telecoms would need to report breaches to law enforcement as soon as intrusions are discovered and immediately to consumers, as well, unless otherwise advised by authorities.
Furthermore, the law would also update the definition of a breach under the law to include inadvertent exposure of customer information, not just outside hacks.
The current FCC rules require that carriers that have over 5,000 customers notify the FCC of a data breach within seven days of discovery, while breaches affecting fewer than 5,000 customers must be reported no later than 30 days.
FCC chairwoman Jessica Rosenworcel said the FCC first adopted the rule in 2007, but its requirements are insufficient given the severity of hacks on phone companies in recent years.
Rosenworcel added, “The law requires carriers to protect sensitive consumer information but, given the increase in frequency, sophistication, and scale of data leaks, we must update our rules to protect consumers and strengthen reporting requirements. This new proceeding will take a much-needed, fresh look at our data breach reporting rules to better protect consumers, increase security, and reduce the impact of future breaches.”
Copyright © 2023 RegTech Analyst
Copyright © 2018 RegTech Analyst