The Federal Communications Commission has tightened its rules for telcos, giving them a maximum of seven business days to disclose a breach of consumer data.
Data breaches and ransomware attacks continue to increase, with organizations of all sizes being impacted. In all cases, the sooner consumers are notified, the sooner they can take action to protect their data or be on guard against phishing attempts.
The FCC wants to ensure telco consumers have as much notice as possible, with new rules limiting how long companies have to disclose a breach impacting consumer data. The agency outlined its the changes in its final rule on the matter:
In this document, the Federal Communications Commission (Commission) modifies the Commission’s data breach notification rules to better ensure that providers of telecommunications, interconnected Voice over Internet Protocol (VoIP), and telecommunications relay services (TRS) are held accountable in their obligations to safeguard sensitive customer information, and to provide customers with the tools needed to protect themselves in the event that their data is compromised.
The agency limits the new rule to instances where a company has reason to believe consumer harm is likely to occur.
The Commission also adopts its proposal to require carriers to notify the Commission, in addition to the Secret Service and FBI, as soon as practicable, but no later than seven business days, after reasonable determination of a breach. The Commission next eliminates the requirement that carriers notify customers of a breach in cases where a carrier can reasonably determine that no harm to customers is reasonably likely to occur as a result of the breach.
The new rule will hopefully help consumers act sooner to protect their data in the wake of a breach.