The proposal would specifically eliminate a current seven-day waiting period for companies to notify customers of a data breach, require companies to notify customers of inadvertent or accidental data breaches, and require carriers to notify the FCC of all reportable breaches in addition to the FBI and Secret Service.
“Current law already requires telecommunications carriers to protect the privacy and security of sensitive customer information. But these rules need updating to fully reflect the evolving nature of data breaches and the real-time threat they pose to affected consumers,” Rosenworcel said in a statement. “Customers deserve to be protected against the increase in frequency, sophistication, and scale of these data leaks, and the consequences that can last years after an exposure of personal information.”
The FCC did not say when the proposal would be voted on.
Last summer, T-Mobile suffered a data breach that affected millions of customers. The company said 7.8 million customer accounts’ information was stolen, along with “just over” 40 million records of “former or prospective customers who had previously applied for credit with T-Mobile.” Additionally, the company said 850,000 active customers had their names, phone numbers, and account PINs exposed. T-Mobile acknowledged the data breach a day after Motherboard reported on it. T-Mobile said it was made aware of the incident prior to Motherboard’s report. The new rules proposed by Rosenworcel would increase the transparency companies need to have when alerting the public to data breaches.
*First Published: Jan 13, 2022, 9:33 am CST
Andrew Wyrich is the deputy tech editor at the Daily Dot. Andrew has written for USA Today, NorthJersey.com, and other newspapers and websites. His work has been recognized by the Society of the Silurians, Investigative Reporters & Editors (IRE), and the Society of Professional Journalists (SPJ).