FCC Proposes Stricter Requirements for Reporting Data Breaches

The Federal Communications Commission is the next US regulator hoping to hold companies more accountable for data breaches. From a report: Chairwoman Jessica Rosenworcel has shared a rulemaking proposal that would introduce stricter requirements for data breach reporting. Most notably, the new rules would require notifications for customers affected by “inadvertent” breaches — companies that leave data exposed would have to be just as communicative as victims of cyberattacks. The requirements would also scrap a mandatory one-week waiting period for notifying customers. Carriers, meanwhile, would have to disclose reportable breaches to the FCC in addition to the FBI and Secret Service. Rosenworcel argued the tougher rules were necessary to account for the “evolving nature” of breaches and the risks they posed to victims. People ought to be protected against larger and more frequent incidents, the FCC chair said — that is, regulations need to catch up with reality.

Source link