Federal Communications Commission Seeks Updates to Data Breach Notification Rules

The Federal Communications Commission will move forward with changes to Section 222 of the Communications Act that would impose stricter and more specific reporting requirements regarding breaches to service providers who store their customers’ personal information. According to the agency, a seven-day deadline for telecommunications carriers to disclose potential data leaks could be abolished in an upcoming update.

The FCC also proposed that future reports be submitted to the FBI and Secret Service. The FCC aims to collect input on a potential rule that companies should let customers know which categories of information were compromised.

Jessica Rosenworcel, the FCC chair, said that the objective is to protect consumers, improve security and boost reporting rules, The Record reported Friday.

She introduced the rule changes earlier in 2022, noting that existing regulations need to match the increasing complexity and frequency of cyber threats.

The FCC recently suggested a three-day period for reporting cyber incidents involving emergency alert systems. The new rules resulted from a discovery by the Federal Emergency Management Agency that hackers could display false alerts on television, radio, mobile phones and cable networks.

Industry experts noted that such requirements could help but expressed concern that legislation alone would not suffice to enhance EAS readiness. Reynold Hoover, a former FEMA chief of staff, said that upgrading the cyber defense capabilities of alert systems could prove more useful.