Sponsored Links

FCC proposes stricter requirements for reporting data breaches

Companies would even have to report accidental breaches.
WASHINGTON, DC - JUNE 24:  Federal Communication Commission Commissioner Jessica Rosenworcel testifies during an oversight hearing to examine the Federal Communications Commission on Capitol Hill on June 24, 2020 in Washington, DC. The hearing was held by the Senate Committee for Commerce, Science, and Transportation. (Photo by Jonathan Newton-Pool/Getty Images)
Jonathan Newton-Pool/Getty Images
Jon Fingas
Jon Fingas|@jonfingas|January 12, 2022 3:43 PM

The Federal Communications Commission is the next US regulator hoping to hold companies more accountable for data breaches. Chairwoman Jessica Rosenworcel has shared a rulemaking proposal that would introduce stricter requirements for data breach reporting. Most notably, the new rules would require notifications for customers affected by "inadvertent" breaches — companies that leave data exposed would have to be just as communicative as victims of cyberattacks.

The requirements would also scrap a mandatory one-week waiting period for notifying customers. Carriers, meanwhile, would have to disclose reportable breaches to the FCC in addition to the FBI and Secret Service.

Rosenworcel argued the tougher rules were necessary to account for the "evolving nature" of breaches and the risks they posed to victims. People ought to be protected against larger and more frequent incidents, the FCC chair said — that is, regulations need to catch up with reality.

The FCC didn't say when the proposal might come up for a vote, although the FCC's next open meeting is slated for January 27th. There's no guarantee the Commission will greenlight the new requirements. It won't be surprising if the rulemaking moves forward, however. While companies are now more likely to disclose breaches, there have been multiple high-profile incidents where those firms took too long to alert customers or didn't notify them at all. The new measures could cut that wait time, giving people a better chance of securing their data and preventing fraud.

FCC proposes stricter requirements for reporting data breaches