On January 12, 2022, Federal Communications Commission (FCC) Chairwoman Jessica Rosenworcel issued a Notice of Proposed Rulemaking (NPRM) relating to new data breach notification requirements for the telecommunications industry. The proposals come in response to recent data breaches in the telecommunications industry which have highlighted the need for updated requirements in this area.
The NPRM is the first step towards reform for data breach notification requirements in the telecommunications industry. However, the proposal is still being circulated throughout the FCC before it can be released for public comment. Following this process, the FCC can issue its final ruling.
What are the FCC’s proposed new data breach notification requirements?
The NPRM currently being circulated within the FCC puts forward several updates to the current rules surrounding data breach notification for telecommunication carriers. The proposed rules seek to strengthen the FCC’s existing rules for notifying customers and federal law enforcement of breaches of customer proprietary network information (CPNI).
The FCC’s proposed data breach notification requirements include:
- Removing the seven business day mandatory waiting period for notifying customers of a breach
- A requirement to notify customers of inadvertent breaches
- Requirements for carriers to notify the FCC of all reportable breaches in addition to the FBI and U.S. Secret Service.
Speaking on the proposals Chairwoman Rosenworcel said, “Current law already requires telecommunications carriers to protect the privacy and security of sensitive customer information. But these rules need updating to fully reflect the evolving nature of data breaches and the real-time threat they pose to affected consumers.”
Although these proposals are still in the early stages of the rule making process organizations operating in the telecommunications industry should follow this story closely as there will be several new requirements to comply with should the proposals come to pass. Sign up to OneTrust DataGuidance to keep up to date with this story as it develops as well as other privacy and security news from across the world.
Further reading on the FCC’s proposed data breach notification requirements
- OneTrust DataGuidance News: FCC publishes proposal for new data breach reporting requirements
- FCC Press Release: Chair Rosenworcel Circulates New Data Breach Reporting Requirements