The Federal Communications Commission (FCC) has introduced new regulations requiring telecommunications companies to report data breaches involving customers’ personally identifiable information (PII) within a 30-day window starting from March 13th. This update follows a series of proposals dating back to January 2022, with the goal of modernizing breach notification rules to ensure swift communication to affected customers.
These regulations represent a significant expansion of breach notification requirements, extending beyond customer proprietary network information (CPNI) to cover PII. The FCC emphasizes the necessity of holding telecommunications providers accountable for safeguarding sensitive customer data and empowering customers with the means to protect themselves in the event of a breach.
Moreover, the FCC’s rule removes the obligatory waiting period before carriers inform customers and requires carriers to notify customers promptly after alerting relevant federal agencies. However, the notification delay should not exceed 30 days unless law enforcement imposes a longer delay. This move underscores the urgency of addressing data breaches and ensuring timely communication to affected individuals.
FCC Chairwoman Jessica Rosenworcel highlights the profound significance of protecting personal data in an era of ubiquitous connectivity. With mobile phones serving as repositories of sensitive information about individuals’ lives, the new regulations aim to mitigate the risks associated with data breaches and prevent unauthorized access to personal data.