On January 6, 2023, the Federal Communications Commission (“FCC”) proposed new rules for data breach reporting in the telecommunications industry.
The Notice of Proposed Rulemaking recognizes that “[i]n the telecommunications industry, the public has suffered an increasing number of security breaches of customer information in recent years,” and cites examples of multiple breaches that together have affected tens of millions of people since 2015. Because the proposed reporting requirements are in addition to, and would not replace, any State requirements that may be applicable to a given breach, part of the FCC’s goal appears to be to become better aligned with other applicable reporting requirements that have evolved since it last set reporting rules in 2007. The FCC also seeks comments on how, if possible, to avoid duplicate reporting to Federal agencies and to minimize the burden on carriers.
Presently, whenever an unauthorized person intentionally obtains access to or uses customer proprietary network information (“CPNI”), or there is an unauthorized disclosure of CPNI, the carrier/provider is required to notify the FCC, the Federal Bureau of Investigation and the U.S. Secret Service, and to wait seven days following the law enforcement notification before notifying affected customers. Unlike notification rules in other industries and in many states, the FCC’s rules do not currently identify specific information that must be included in the customer notification, and there are no exceptions as to which data breach events are reportable or require customer notification.
The most notable proposed changes include the following:
The public comment period will be open for thirty days, and the reply comment period for sixty days thereafter. The progression of this rulemaking will be important to watch for both those in the telecom industry and data security professionals.
If you have questions about data breach reporting requirements, please contact your FMG attorney for more information.