The Federal Communications Commission on Friday unanimously moved forward with a proposal to require telecoms to notify consumers, federal law-enforcement agencies and the Commission itself about all data breaches, including “inadvertent” ones.
The agency also proposed eliminating a current rule that requires telecoms to delay informing consumers about data breaches until at least seven business days have passed since law enforcement was notified.
FCC Chair Jessica Rosenworcel stated Friday that the proposal aims to boost cyber security while also modernizing the agency's data-breach rules.
Those rules were last updated in 2007 -- two years before the iPhone was released.
“This new proceeding will take a much-needed, fresh look at our data breach reporting rules to better protect consumers, increase security, and reduce the impact of future breaches,” she stated.
The agency will solicit comments from the public about the potential new rules, as well as whether telecoms should be required to notify consumers about “specific categories of information” that were compromised.
“Our mobile phones are in our palms, pockets, and purses. We rarely go anywhere without them,” Rosenworcel stated Friday. “But this always-on connectivity means that our carriers have access to a treasure trove of data about who we are, where we have traveled, and who we have talked to. It is vitally important that this deeply personal data does not fall into the wrong hands.”
She first floated the potential new rules last January.
Advocacy group Public Knowledge praised the FCC's move.
“While most people think about data privacy as an internet thing, our phones and phone information remain some of our most sensitive personal information,” Harold Feld, senior vice president of Public Knowledge, stated Friday.
“A lot has changed in the 15 years since the FCC adopted the existing rules, and it is high time the Commission’s rules reflect these changes,” he added.