The Federal Communications Commission on
Friday unanimously moved forward with a proposal to require telecoms to notify consumers, federal law-enforcement agencies and the Commission itself about all data breaches, including
“inadvertent” ones.
The agency also proposed eliminating a current rule that requires telecoms to delay informing consumers about data breaches until at least seven business days
have passed since law enforcement was notified.
FCC Chair Jessica Rosenworcel stated Friday that the proposal aims to boost cyber security while also modernizing the agency's data-breach
rules.
Those rules were last updated in 2007 -- two years before the iPhone was released.
“This new proceeding will take a much-needed, fresh look at our data breach reporting
rules to better protect consumers, increase security, and reduce the impact of future breaches,” she stated.
The agency will solicit comments from the public about the potential new
rules, as well as whether telecoms should be required to notify consumers about “specific categories of information” that were compromised.
“Our mobile phones are in our
palms, pockets, and purses. We rarely go anywhere without them,” Rosenworcel stated Friday. “But this always-on connectivity means that our carriers have access to a treasure trove of data
about who we are, where we have traveled, and who we have talked to. It is vitally important that this deeply personal data does not fall into the wrong hands.”
She first floated the
potential new rules last January.
Advocacy group Public Knowledge praised the FCC's move.
“While most people think about data privacy as an internet thing, our phones and
phone information remain some of our most sensitive personal information,” Harold Feld, senior vice president of Public Knowledge, stated Friday.
“A lot
has changed in the 15 years since the FCC adopted the existing rules, and it is high time the Commission’s rules reflect these changes,” he added.