FCC Initiates a Rulemaking Proceeding to Update and Modernize the Data Breach Rule


The FCC is seeking comments on updating, strengthening and modernizing the data breach rule adopted in 2007 to provide greater protections to the public. At the time the FCC adopted the data breach rule, it was to protect customers from pre-texting, the practice of pretending to be a customer or other authorized person to obtain access to that customer’s call detail or other private communications records. As the industry has faced an increasing number of security breaches and because data breaches can have a lasting detrimental impact on customers, the FCC proposes, among others: (1) expanding the definition of a “breach” to include inadvertent disclosures of customer information; (2) requiring carriers to notify the FCC of, contemporaneously with law enforcement, any accidental access, use, or disclosures as soon as practicable after discovery of a breach; and, (3) requiring carriers to notify customers of breaches without unreasonable delay after discovery of a breach unless law enforcement requests a delay (thus eliminating the mandatory waiting period before notifying customers). The FCC also seeks comment on the content and method of customer breach notices. Comments are due 30 days after publication in the Federal Register and Reply Comments are due 60 days after publication.

Share Button