FCC Chair Proposes Updating Data Breach Reporting Requirements

Federal Communications Commission Chairwoman Jessica Rosenworcel is exploring an expansion of consumer protections by increasing requirements for internet service providers to report their security breaches. 

“Current law already requires telecommunications carriers to protect the privacy and security of sensitive customer information. But these rules need updating to fully reflect the evolving nature of data breaches and the real-time threat they pose to affected consumers,” she said in a press release Wednesday. “Customers deserve to be protected against the increase in frequency, sophistication, and scale of these data leaks, and the consequences that can last years after an exposure of personal information. I look forward to having my colleagues join me in taking a fresh look at our data breach reporting rules to better protect consumers, increase security, and reduce the impact of future breaches.”

Rosenworcel is floating the proposal to fellow commissioners in the wake of a string of massive cybersecurity compromises and as Congress has struggled to pass comprehensive incident reporting rules for companies and as leaders like Cybersecurity and Infrastructure Security Agency Director Jen Easterly and others in government have stressed the importance of such requirements for gaining insight into cyber threats that can help reduce their impact. 

According to the release, the proposal includes removing a current mandatory waiting period of seven business days for carriers to notify customers of a breach, building on current rules by adding notifications for inadvertent breaches, and requiring carriers to notify the FCC of their breaches, in addition to the FBI and U.S. Secret Service.

“The notice of proposed rulemaking circulated today further advances the FCC’s efforts to ensure its rules keep pace with evolving cybersecurity threats and to protect consumers in the face of today’s challenges,” the release reads. “The proposal also aims to ensure that the Commission and other federal law enforcement agencies receive the information they need in a timely manner so they can mitigate and prevent harm due to the breach and take action to reduce the likelihood of future incidents.”

Noting a robust to-do list, FCC watchers are calling for the Senate to confirm Gigi Sohn, who served as counsel to former commission chairman Tom Wheeler during the highly publicized debate over net neutrality, an issue Rosenworcel is expected to lead a revival of.

“For more than a year, the FCC has been operating without a full slate of commissioners, hampering its ability to advance all of the important tasks on its agenda,” reads a statement issued Tuesday by the Benton Institute for Broadband and Society, where Sohn is a senior fellow and public advocate. “Ms. Sohn needs to be voted out of the Committee this month and moved to the full Senate for a floor vote. The time for these votes is now.”