FCC Proposes To Strengthen Data Breach Notification Rules for Telecom Operators
Marc S. Martin, Belinda Nixon, Samuel Klein, and Tyler Robbins of Perkins Coie write:
In response to the increased frequency and severity of data breaches in the telecommunications industry, the Federal Communications Commission recently published a Notice of Proposed Rulemaking that seeks to strengthen and broaden its breach notification rules arising from the unauthorized disclosure of customer proprietary network information (CPNI). This rulemaking is the first effort by the FCC to update its notification rules since these were adopted nearly two decades ago. These rules apply to providers of telecom services (i.e., telecom carriers). Generally, CPNI is defined as certain individually identifiable customer information received or obtained by a telecom carrier during the carrier-customer relationship. The FCC intends to better align its data breach notification rules with federal and state data breach notification laws that cover other industries. In particular, the FCC proposes the following:
Expanding the definition of “breach” to include inadvertent access, use, or disclosure of customer information.
Adding a requirement that, in addition to federal law enforcement, the FCC be notified of breaches in a timely manner.
Eliminating the mandatory seven-day waiting period before notifying customers of a breach.
Read more at PerkinsCoie.