The Federal Communications Commission (FCC) has suggested more stringent data breach reporting rules for telecom operators in reaction to recent telecommunications industry data breaches. The idea was released in the form of a Notice of Proposed Rulemaking (NPRM) on Wednesday, the first stage towards revising the FCC’s procedures for notifying government agencies and consumers of data breaches.
“Customers deserve to be protected against the increase in frequency, sophistication, and scale of these data leaks, and the consequences that can last years after an exposure of personal information,” Chairwoman Rosenworcel stated.
She hopes her colleagues to join her in taking a fresh look at their data breach reporting standards to better protect customers, improve security, and mitigate the effect of future attacks.
The FCC is proposing the following changes to the current data breach reporting regulations for mobile carriers:
- Discarding the present seven-day required waiting time for customers to be notified of a data breach
- Customer safeguards are being strengthened by mandating reporting of unintended data breaches
- In addition to the FBI and the US Secret Service, carriers must notify the Commission of all reportable breaches
The FCC also seeks comment on whether specified types of information should be included in breach notices delivered to customers. It would help guarantee that consumers receive relevant information. The NPRM also recommends changes to the Commission’s data breach notification regulations for telecommunications relay services (TRS).
According to Rosenworcel, telecommunications providers are already required by law to preserve the privacy and security of sensitive consumer information. However, these guidelines need to be updated to reflect the changing nature of data breaches and the real-time harm to customers.
