Breach disclosure
rules
FCC Chair Proposes Updates to Data Breach Reporting Rules for Telecom Carriers
The chairwoman of the Federal Communications Commission wants to amend the agency’s rules on telecommunications companies’ duty to notify customers and government authorities about data breaches.
FCC Chair Jessica Rosenworcel circulated a notice of proposed rulemaking to align the commission’s breach disclosure policy with recent developments in state and federal legislation, the FCC said Wednesday.
Lawmakers in Congress are currently pushing to enact legislation that would mandate companies to urgently report cybersecurity incidents to the Cybersecurity and Infrastructure Security Agency.
A group of lawmakers in the House of Representatives wants to include the legislation in the “next available vehicle” after the package was excluded from the latest National Defense Authorization Act, FCW reported Thursday.
In an FCC press release, Rosenworcel said there already exists legislation that holds telecommunications carriers accountable for the security of their customers’ sensitive information.
However, the laws need to be updated in response to the increasing frequency and sophistication of modern cybersecurity threats, the chairwoman added.
Rosenworcel’s proposed amendments to breach disclosure rules include eliminating the seven-day mandatory waiting period for companies to notify customers of a breach, requiring notification of inadvertent breaches and requiring carriers to report breaches to the FCC, the FBI and the U.S. Secret Service.
The FCC said that the proposed changes will help ensure that authorities receive in a timely matter the information they need to respond to cybersecurity incidents.
The commission is also considering requiring customer breach notices to have different information categories to ensure that their contents are useful and actionable.
Category: Cybersecurity