The Federal Communications Commission (FCC) has proposed more stringent data breach reporting requirements for telecommunications carriers in response to breaches that have recently hit the telecommunications industry.
On Wednesday, Chairman Jessica Rosenworcel shared the proposal as a Notice of Proposed Rulemaking (NPRM), the first step in changing FCC rules to alert federal agencies and customers of data breaches.
“Customers deserve to be protected from the increasing frequency, sophistication and scale of these data breaches, and the consequences that can last years after personal information is exposed,” said President Rosenworcel. [PDF].
“I look forward to my colleagues joining me in taking a fresh look at our data breach reporting rules to better protect consumers, increase security and reduce the impact of future breaches.”
The FCC’s proposed updates to its current data breach reporting rules for wireless carriers include:
- Elimination of the current seven business day mandatory waiting period to notify customers of a breach
- Expand customer protection by requiring notification of unintentional breaches
- Require carriers to notify the Commission of all reportable violations in addition to the FBI and US Secret Service
The FCC is also seeking comment regarding the inclusion of specific categories of information in violation alerts sent to customers by carriers, which would help ensure that violation notifications are accompanied by actionable information for consumers.
The NPRM is also proposing revisions to the Commission’s Telecommunications Relay Services (TRS) data breach reporting requirements.
“Current law already requires telecom operators to protect the privacy and security of sensitive customer information,” Rosenworcel added.
“But these rules need to be updated to fully reflect the evolving nature of data breaches and the real-time threat they pose to affected consumers.”
As part of that same effort, the FCC proposed new rules to ward off SIM card swapping attacks and transfer fraud in September to further reduce the risk of telecommunications customer information being inappropriately exposed. .
In February, T-Mobile learned of a data breach following reports of multiple customers experiencing SIM swapping attacks.
In August, the same operator revealed a massive data breach after attackers forced their way through its network and gained access to test environments, allowing them to steal records belonging to 54.6 million customers. current, former or potential.
- 3 Security Services to Monitor Personal Data Breaches
- FCC Chair wants carriers to start planning for 6G now
- FCC Chairman plans to block proprietary agreements that limit ISP choice in apartments
- FCC aims to end broadband bill shock, revives plan canceled by Ajit Pai
- Spam messages could finally go away for good under new FCC rules
