Chair Rosenworcel Circulates New Data Breach Reporting RequirementsDavid Chung
Jessica Rosenworcel, Chairwoman of the Federal Communications Commission (FCC) shared a Notice of Proposed Rulemaking (NPRM) to strengthen the Commission’s rules for notifying customers and federal law enforcement of any data breaches of proprietary network information. The notice comes on the heels of the multiple critical infrastructure attacks that have occurred over the past year. There are currently no uniform national incident reporting requirements in the United States. The goal of these strengthened rules will be to better protect customers, enhance security protections, and reduce the impact of breaches.
“Current law already requires telecommunications carriers to protect the privacy and security of sensitive customer information. But these rules need updating to fully reflect the evolving nature of data breaches and the real-time threat they pose to affected customers,” said Chairwoman Rosenworcel.
The new breach requirements proposed would include:
· Eliminating the seven business days waiting period to notify customers of a breach
· Expand customer protections by requiring customers be notified of accidental breaches
· Require carriers to notify the FCC of all reportable breaches in addition to the FBI and Secret Service
In September, the FCC proposed rules targeting SIM swapping scams and port-out fraud. This notice advances the cause of the FCC to keep up-to-date with emerging and evolving cybersecurity threats.
The memo can be found at: https://docs.fcc.gov/public/attachments/DOC-379162A1.pdf