Home > Media News > New Data Breach Policy for Phone Companies by FCC in US

New Data Breach Policy for Phone Companies by FCC in US
19 Jan, 2022 / 08:54 AM / Reeny Joseph

1045 Views

Phone companies could have to follow new rules about how they notify customers and the government following a data breach if a proposal from the Federal Communication Commission’s chairwoman Jessica Rosenworcel passes. The notice of proposed rule making, released, cites the “increasing frequency and severity of security breaches involving customer information” as a risk to consumers.

The current rules give telecommunication providers seven business days to notify the FBI and Secret Service of data breaches that leak customer proprietary network information, or CPNI. In most cases, the company cannot notify customers about the breach until seven business days after information has been relayed to federal law enforcement. The proposal suggests doing away with that mandatory waiting period and adds the FCC to the list of agencies that companies will have to notify in the case of a data breach. It also says that they would have to send out notifications even in the case of inadvertent breaches.

CPNI is “some of the most sensitive personal information that carriers and providers have about their customers,” according to the FCC. It can include data like who a customer made calls to and when and where those calls were made. It can also include customers’ billing account name, phone and account number, and info about their plan. The proposed update would “better align the Commission’s rules” with the ones that have recently been put in place for other industries by federal and state governments, according to the notice.