The Federal Communications Commission is the next US regulator hoping to hold companies accountable for data breaches. President Jessica Rosenworcel shared a proposed regulation that would introduce stricter requirements for data breach reporting. Most notably, the new rules would require notifications to customers affected by “inadvertent” breaches – companies leaving data exposed would have to be just as communicative as victims of cyberattacks.
The requirements would also eliminate a mandatory one-week waiting period to notify customers. In the meantime, operators would have to disclose reportable violations to the FCC in addition to the FBI and Secret Service.
Rosenworcel argued that tougher rules were needed to explain the “evolving nature” of violations and the risks they posed to victims. People must be protected from bigger and more frequent incidents, the FCC chairman said – meaning regulations need to keep up with reality.
The FCC did not say when the proposal could be voted on, although the FCC’s next open meeting is scheduled for January 27. There is no guarantee that the Commission will give the green light to the new requirements. It won’t be surprising if regulation moves forward, however. While companies are now more likely to disclose breaches, there have been several high-profile incidents where these companies took too long to alert customers or failed to notify them. The new measures can reduce that wait time, giving people a better chance to protect their data and prevent fraud.
All products recommended by Ploonge are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.