The proposal is part of its plan to align FCC rules with federal and state laws.
01/23/2023 1:45 P.M.
2.5 minute read
The Federal Communications Commission recently released a notice of proposed rulemaking (NPRM) to strengthen the commission’s rules for notifying consumers and federal law enforcement of breaches of customer proprietary network information (CPNI) and comments are due Feb. 22, 2023.
The commission plans to better align its rules with recent changes in federal and state laws addressing data breaches in other areas.
“The law requires carriers to protect sensitive consumer information but, given the increase in frequency, sophistication, and scale of data leaks, we must update our rules to protect consumers and strengthen reporting requirements,” said FCC Chairwoman Jessica Rosenworcel. “This new proceeding will take a much-needed, fresh look at our data breach reporting rules to better protect consumers, increase security, and reduce the impact of future breaches.”
The NPRM launches a formal proceeding to collect data on this subject and solicit feedback on rule amendments proposed by the commission. The FCC also suggests getting rid of the present need to wait seven business days before notifying customers of a breach and intends to make its regulations clearer, forcing carriers to notify consumers of any unintentional breaches and to notify the FCC, FBI, and U.S. Secret Service of any breaches that are reportable.
The FCC is also soliciting feedback on whether it should mandate that certain types of information be included in customer breach warnings to help ensure they contain relevant information that may be used by consumers. The commission’s telecommunications relay services (TRS) data breach reporting rule is also up for amendment, and those changes are also proposed in the notice.
“Our mobile phones are in our palms, pockets, and purses. We rarely go anywhere without them. There is good reason for this—the convenience and safety of being able to reach out anytime and virtually anywhere is powerful,” Rosenworcel said in a news release available on the FCC’s website. “But this always-on connectivity means that our carriers have access to a treasure trove of data about who we are, where we have traveled, and who we have talked to. It is vitally important that this deeply personal data does not fall into the wrong hands.”
More information on the proposed rulemaking (PDF).
To submit comments online:
Visit the FCC: https://apps.fcc.gov/ecfs/, select “Standard Filing” and identify your filing by WC Docket No. 22-21.
Parties who choose to file by paper must file an original and one copy of each filing.
- Filings can be sent by commercial overnight courier, or by first-class or overnight U.S. Postal Service mail. All filings must be addressed to the Commission’s Secretary, Office of the Secretary, Federal Communications Commission.
- Commercial overnight mail (other than U.S. Postal Service Express Mail and Priority Mail) must be sent to 9050 Junction Drive, Annapolis Junction, MD 20701. U.S. Postal Service first-class, Express, and Priority mail must be addressed to 45 L Street NE, Washington, D.C. 20554.
More information on submitting comments.
If you have executive leadership updates or other member news to share with ACA, contact our communications department at [email protected]. View our publications page for more information and our news submission guidelines here.