Logo
Media Centre

The FCC Seeks to Update and Strengthen Rules Regarding Breach Notification

Ariel Yosefi Israel (Ruly) Ber

26 January 2023

The US Federal Communications Commission (“FCC“) has recently joined the emerging trend of imposing stricter rules and regulations when it comes to notification of breach incidents.

On January 12th, 2023, the FCC has started a process of Proposed Rulemaking that would begin the process of strengthening the Commission’s rules for notifying customers and federal law enforcement of breaches of customer proprietary network information (CPNI).

According to the FCC’s Chairwoman, while there are currently rules in place that address these issues, these rules need updating to fully reflect the evolving nature of data breaches and the real-time threat they pose to affected consumers. She further stated that customers deserve to be protected against the increase in frequency, sophistication, and scale of these data leaks, and the consequences that can last years after an exposure of personal information.

The main changes reflected in the proposed regulatory changes are:

  • Reducing the timeframe requirement regarding notification on breach The current rules provide telecommunication providers with 7 days to provide a notice following a breach. The proposed timeframe would be “as soon as practical”. This seems to be in line with the recently enacted federal legislation – the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA) which was signed on March 2022. This is also aligned with other agencies that have sought to reduce the timelines for notification, such as the Federal Deposit Insurance Corporation (FDIC) and the SEC.

 

  • Expanding the definition and types of incidents that require notification. The FCC proposes to expand the definition of “breach” to include inadvertent access, use, or disclosures of customer information. This can drastically expand the scope of events that would be captured under this new regime.

 

  • On the other hand, the rulemaking process also asks for comments on whether the notification should:
    • take into account the option not to notify in cases where no harm is likely to be caused;
    • take into account the number of affected customers as a threshold for notification obligations;

 

  • The notice will be made to the FCC, FBI and the Secret Service.

 

The new rules would apply to US telecommunication carriers and VoIP providers.

We are happy to provide additional information and assistance on telecommunication matters on this and others matters.

 

Related Practice Areas

Related Lawyers

More news

Nebraska is the 17th US State to Adopt Comprehensive Data Protection Legislation
Maryland is the 16th US State to Pass Comprehensive Consumer Privacy Legislation
Kentucky is the 15th US State to Adopt Comprehensive Data Protection Legislation
JOIN OUR
Newsletter

    © 2020, All rights reserved, Herzog Law
    Site by Gootte

    The information contained in this web site is provided for informational purposes only and should not be construed as legal advice on any subject matter and should not be relied upon as such. Herzog accepts no responsibility for any consequences whatsoever arising from use of the information contained in this web site. The accessing of information contained in this web site shall under no circumstances be considered as creating an attorney-client relationship between Herzog and any party accessing this web site. Contacting through email any lawyer named in this web site or sending information without prior agreement of Herzog shall not be construed as automatically creating an attorney-client relationship between Herzog and the party sending an email or information. The material contained in this web site has been created by and remains the property of Herzog. No reproduction, transmission, publication or any other form of dissemination shall be permitted unless the prior written consent of Herzog has been obtained. This web site may contain links to other web sites operated by third parties. Herzog does not sponsor, approve or endorse the content of any such web site and is not responsible for the materials appearing in such sites.

    Search by
    Search by +

    Search