FCC Proposes Stricter Regulations for Data Breach Disclosure 


The Federal Communications Commission (FCC) has proposed stricter requirements for companies to disclose data breaches.

According to the proposal, companies would be required to notify customers affected by inadvertent breaches, and the one-week waiting period before disclosure would be eliminated.

The updates would better align the FCCs rules with recent developments in federal and state data breach laws covering other sectors.    

Lisa Plaggemier, interim executive director of the National Cyber Security Alliance, explained the Biden administration—and government in general—have been making a lot of positive attempts to build more modern and effective cybersecurity protocols in the wake of last year’s news cycle dominated by several high-profile breaches.

“These new guidelines fall right in line with these overarching intentions, and similar measures will likely follow suit in the months and years to come,” she said. 

Unfortunately, last year’s hectic breach-centric news cycle laid bare just how fragmented the government’s oversight and reporting procedures are for the cybersecurity industry.

Moreover, Plaggemier said those constant reports highlighted how important it is for the public and private sector to rethink the way we collectively approach cybersecurity and report cybersecurity incidents.

FCC Addresses Breach Notification Requirements

The proposal outlines several updates to current FCC rules addressing telecommunications carriers’ breach notification requirements, including requiring carriers to notify the commission of all reportable breaches in addition to the FBI and U.S. Secret Service.

The FCC proposal also seeks comment on whether the commission should require customer breach notices to include specific categories of information to help ensure they contain actionable information useful to the consumer, and proposes to make consistent revisions to the commission’s telecommunications relay services (TRS) data breach reporting rule.  

“Current law already requires telecommunications carriers to protect the privacy and security of sensitive customer information,” FCC chairwoman Jessica Rosenworcel said in a statement. “But these rules need…

Source…