The FCC wants to make some big changes to data breach reporting

Proposed rules would require businesses to be more upfront with consumers regarding breaches

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

The Federal Communications Commission (FCC) has revealed its plan to change the rules regarding how businesses report bothdata breachesanddata leaksto their customers and the federal government.

FCC ChairwomanJessica Rosenworcelhas put forth a Notice of Proposed Rulemaking (NPRM) that would begin the process of changing the government agency’s rules for notification customers and federal law enforcement about data breaches.

Rosenworcel explained in apress releasethat the increased frequency  of breaches and leaks is why she shared her new NPRM with colleagues at the FCC, saying:

“Current law already requires telecommunications carriers to protect the privacy and security of sensitive customer information. But these rules need updating to fully reflect the evolving nature of data breaches and the real-time threat they pose to affected consumers. Customers deserve to be protected against the increase in frequency, sophistication, and scale of these data leaks, and the consequences that can last years after an exposure of personal information. I look forward to having my colleagues join me in taking a fresh look at our data breach reporting rules to better protect consumers, increase security, and reduce the impact of future breaches.”

Updated breach notification requirements

Rosenworcel’s proposal outlines several updates to the FCC’s current rules in regard to how businesses notify customers and government agencies about breaches.

The first of which and likely the most important is that the current seven business day mandatory waiting period fornotifying customers of a breachwould be eliminated. If the proposal is accepted, this would mean that consumers would have more time tochange their passwordsand even invest inidentity theft protectionservices before those responsible for a breach could use their data against them.

At the same time, the proposal would expand customer protections by requiring businesses to notify consumers of inadvertent breaches or data leaks. This could put additional pressure on companies to properly secure their data as their business could be affected by the news that theyleft a database unsecuredonline. Finally, Rosenworcel’s proposal would require mobile carriers to notify the FCC of all reportable breaches in addition to both the FBI and US Secret Service.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

The FCC’s next open meeting is scheduled for later this month and we’ll have to wait until then to see if the government agency approves the new data breach and data leak rules proposed by Rosenworcel.

We’ve also featured thebest firewall,best endpoint protection softwareandbest malware removal software

ViaEngadget

After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home.

Windows PCs targeted by new malware hitting a vulnerable driver

Dangerous Android banking malware looks to trick victims with fake money transfers

Latest Google Pixel update includes surprise launch of Android 15’s best battery feature