The Register: “The FCC’s updated reporting requirements mean telcos in America will have just seven days to officially disclose that a criminal has broken into their systems. After releasing a proposed rule in early January and giving the industry 30 days to respond, the FCC’s final rule was published today. It solidifies what the agency proposed a little more than a month ago, and what was teased in early 2022 when FCC chairwoman Jessica Rosenworcel drafted initial changes to the commission’s 16-year old security “breach” reporting duties. Along with requiring that attacks are reported to the FCC within seven days of a telco discovering them, the same deadline now exists to report any data leaks to the FBI and US Secret Service as well. As the FCC planned, the new rule also eliminates the mandatory seven-day waiting period for reporting break-ins to consumers. The FCC now “requires carriers to notify customers of breaches of covered data without unreasonable delay … and in no case more than 30 days following reasonable determination of a breach.” “Reasonable determination” of a data blurt is further defined as “when the carrier has information indicating that it is more likely than not that there was a breach” and “does not mean reaching a conclusion regarding every fact surrounding a data security incident that may constitute a breach.” In other words, if customers are affected then they had better be notified post-haste…”
Sorry, comments are closed for this post.