The FCC has proposed more rigorous data breach reporting requirements for telecom carriers in response to breaches that recently hit the telecommunications industry. On Wednesday, Chairwoman Jessica Rosenworcel shared the proposal in the form of a Notice of Proposed Rulemaking (NPRM), the first step in changing the FCC’s rules for alerting federal agencies and customers of data breaches. “Customers deserve to be protected against the increase in frequency, sophistication, and scale of these data leaks, and the consequences that can last years after an exposure of personal information,” Chairwoman Rosenworcel said.
<p>The FCC’s proposition that data breach reporting rules should be more rigorous on telecom carriers reflects the pressure put on governmental agencies to take better proactive action on cybersecurity.</p>
<p>Last year’s high-profile breaches that affected numerous supply chains and even large ICT organizations, many of which had a rippling effect on the average consumer, certainly caught the attention of governments and regulators across the globe.</p>
<p>Carriers collect an enormous amount of information about their customers, much of it consisting of private and highly sensitive data, so ensuring that these businesses respond responsibility and rapidly to any data breach—intentional hack or inadvertent data leak—helps to create a better collective culture of data privacy and security, and incidentally nurtures public trust.</p>
<p>Another mitigating tactic for businesses in telecom or any other industry is to adopt data-centric security, which applies strong tokenization or format-preserving encryption protection directly to sensitive data, making it unreadable and thus unusable by threat actors. Reporting that a breach has occurred but that no sensitive data has been revealed is a much better call than the alterative, with much better reception.</p>