The Federal Communications Commission is currently considering new rules that will update the way telecommunications companies report data breaches. FCC Chairwoman Jessica Rosenworcel explained that carriers must notify the FCC and the Federal Bureau of Investigations as well as US Secret Service of any unintentional or inadvertent breaches that could expose people’s personal data. It would also eliminate the seven-day waiting period that companies have to observe between notifying authorities about a breach and informing the public.
“The current law requires telecom carriers to protect the privacy of sensitive customer information,” Rosenworcel stated in a pressrelease regarding the proposal.
While this proposal starts the process towards actually changing the rules, the FCC did not offer a timeline for when to expect the next steps, such as a vote. The Commission has proposed a number of now-pending rules for telecom companies in recent months, including one in September month that would target what’s known as “SIM swapping” (a form of identity theft in which attackers take over your phone, often to get around two-factor authentication) and another in October month that would implement various measures to curb spam texts.
Data breaches using these methods and others are happening more often and affecting more people, the FCC explained in its newest proposal. In 2021, multiple telecommunications companies reported significant breaches, including Syniverse, which provides services to large providers such as AT&T, Verizon, and T-Mobile. T-Mobile also reported two additional breaches of its own in August and December. These combined attacks were believed to have affected millions of customers.
Congress has taken note of the mounting data breaches this year, and on Thursday, a bipartisan coalition of lawmakers announced the Terms-of-serv