FCC cracks whip on security breach reporting


The Federal Communications Commission (FCC) has proposed new update that would require telcos to accelerate their reporting of data breaches for both customers and law enforcement

On Friday, the FCC began proceedings to bolster the existing rules regarding telco obligations to notify their customers when sensitive data has been compromised.

Currently, network operators are required to notify the relevant authorities – the FCC, but also potentially the US Secret Services and Federal Bureau of Investigation (FBI) – of a data breach within a maximum of seven days after discovery. Only then, assuming no objections from law enforcement agencies, can customers be notified.

Now, the newly proposed update suggests eliminating this seven-business-day window, meaning that customers can be notified more quickly, “without unreasonable delay”, when their data has been leaked.

The update would also broaden the existing scope of what is considered a ‘breach’, now including cases of “inadvertent access, use, or disclosures of customer information”, rather solely breaches as a result of cyber-attacks. In short, telcos will be required to report incidents where customer data is compromised due to their own negligence as well as those caused by malicious actors attacking the network.

“The law requires carriers to protect sensitive consumer information but, given the increase in frequency, sophistication, and scale of data leaks, we must update our rules to protect consumers and strengthen reporting requirements,” said FCC Chairwoman Jessica Rosenworcel.  “This new proceeding will take a much-needed, fresh look at our data breach reporting rules to better protect consumers, increase security, and reduce the impact of future breaches.”

If passed, this update will bring the FCC regulations more closely in line with those of data protection standards found elsewhere in the world, such as the European Union’s General Data Protection Regulation (GDPR), which requires customers to be notified of any breach within 72 hours.

This would be the first time the law has been updated in 15 years.

How are the latest regulatory changes impacting the telecoms landscape in the US? Learn more from the operators themselves at the upcoming Connected America conference live in Dallas, Texas

Also in the news:
Orange opens European solar farm to boost access to renewable energy
Bullitt: Two-way satellite messaging will be available this quarter
Cox launches mobile services to bolster fixed line offerings