After multiple data breaches, the FCC proposes new data breach rules for carriers0
Jessica Rosenworcel, the chairwoman of the FCC, said, "Current law already requires telecommunications carriers to protect the privacy and security of sensitive customer information. But these rules need updating to fully reflect the evolving nature of data breaches and the real-time threat they pose to affected consumers. Customers deserve to be protected against the increase in frequency, sophistication, and scale of these data leaks, and the consequences that can last years after an exposure of personal information."
The current law obligates telecommunication providers to notify the FBI and Secret Service of a data breach within seven business days. Carriers must also wait for another seven business days after informing federal law enforcement before telling their clients about the data leak.
Currently, a carrier, in case of a data breach, can make an exception and tell its customers before the mandatory period, only if the situation is extraordinarily urgent and needs to prevent immediate and irreparable damage. But before informing customers, the carrier must first seek permission from the investigating agency.
The FCC proposal comes on the heels of another data breach in December 2021, in which some T-Mobile customers' personal information was leaked yet again. The December data breach wasn't as severe as the summer 2021 breach, which impacted approximately 50 million T-Mobile customers.