The Federal Communications Commission isn’t done dragging data breach policy into the modern era. The agency has proposed rules that would improve reporting for breaches at carriers. Most notably, the move would scrap a mandatory wait of seven business days before a telecom can warn customers about a security incident. Hackers would have a shorter window of opportunity to abuse your data without your knowledge, to put it another way.
The proposal would also clarify that carriers must notify the FCC, FBI and Secret Service of any reportable data breaches. Providers would likewise have to alert customers to inadvertent breaches, such as leaving account info exposed. The Commission is simultaneously asking for public input on whether or not breach alerts should include specific information to help people take action. such as the nature of the compromised data.
The FCC isn’t shy about its reasoning behind the tentative rule change. The existing rules are more than 15 years old, and are reportedly “out-of-step” at a time where it’s frequently vital to notify victims and authorities as quickly as possible. In theory, telecoms will warn users sooner and reduce the chances of identity fraud and follow-up hacks. This won’t guarantee timely alerts, but it could minimize the damage for both customers and the networks’ bottom line. It’s also more consistent with other laws on breach reporting, particularly in states like California.
There are potential problems. The proposed rule change would let federal agencies delay customer warnings for an initial period of up to 30 days if the notice might jeopardize a criminal investigation or national security. That could put the general public at risk. The FCC is also wondering whether or not there should be a ceiling on the notification period, and whether smaller carriers should get more time to report intrusions. Public comments (open 30 days after the proposal reaches the Federal Register) may help shape these rules, but there’s no guarantee the end result will address every concern.
All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission. All prices are correct at the time of publishing.