FCC Proposes Stricter Breach Disclosure Requirements
The Federal Communications Commission (FCC) has shared a proposal for stricter requirements for companies to disclose data breaches. According to the proposal, companies would be required to notify customers affected by inadvertent breaches, and it would get rid of the one-week waiting period before disclosure.
FCC chairwoman Jessica Rosenworcel shared the proposal. She said the updates would better align the commission’s rules with recent developments in federal and state data breach laws covering other sectors.
“Current law already requires telecommunications carriers to protect the privacy and security of sensitive customer information,” she said. “But these rules need updating to fully reflect the evolving nature of data breaches and the real-time threat they pose to affected consumers. Customers deserve to be protected against the increase in frequency, sophistication and scale of these data leaks, and the consequences that can last years after an exposure of personal information.”
Lisa Plaggemier is interim executive director of the National Cybersecurity Alliance (NCA).
“While the entire cybersecurity world likely has something to gain from these new requirements, individuals and the public sphere will likely stand to benefit the most,” she said. “To say that digital is a staple of daily life for individuals would be a massive understatement. And with so much of our lives now conducted via digital means the security of our data and information is paramount. Unfortunately, because of the fragmented reporting structures that are in place, it can be tough for individuals to keep up with relevant breach information, determine whether they are impacted and ultimately what steps they need to take. Therefore, these revamped reporting requirements will likely help to foster a more clear process by which individuals can have clearer access to information and thus make better decisions around their cybersecurity.”
In terms of the public sphere, creating a successful cybersecurity environment requires each stakeholder to collaborate as closely as possible, Plaggemier said. These new guidelines look to lay the framework for better cooperation among the FCC, FBI and other government agencies, which will help put the government in a better place when it comes to cybersecurity planning and response.
The proposed guidelines would prompt companies to “think about their cybersecurity operations in new ways, and will help them better prioritize and identify where their potential weaknesses are and how to fix them,” she said.
