FCC Chairwoman Jessica Rosenworcel has proposed new requirements that would strengthen data breach reporting rules.
Data breaches have become a near-daily occurrence, with customers’ data being stolen, bought, and sold on the dark web. While there are requirements in place for how companies should address data breaches, Rosenworcel wants to see those requirements strengthened in a way that protects consumers even more.
“Current law already requires telecommunications carriers to protect the privacy and security of sensitive customer information. But these rules need updating to fully reflect the evolving nature of data breaches and the real-time threat they pose to affected consumers,” said Chairwoman Rosenworcel. “Customers deserve to be protected against the increase in frequency, sophistication, and scale of these data leaks, and the consequences that can last years after an exposure of personal information. I look forward to having my colleagues join me in taking a fresh look at our data breach reporting rules to better protect consumers, increase security, and reduce the impact of future breaches.”
In particular, the new proposal would eliminate the seven day mandatory waiting period before companies can notify customers of a breach, require notification of inadvertent breaches, and require carriers to notify the FCC, the FBI, and the US Secret Service of all reportable breaches.