FCC proposes stricter requirements for reporting data breaches - TechCrunch
The Federal Communications Commission is the next U.S. regulator that hopes to hold companies more accountable for data breaches. President Jessica Rosenworcel has proposed the making of shared rules that would include stricter requirements for reporting data breaches. In particular, the new rules would require notifications for customers affected by "unknowable" breaches - companies that leave data open must be as communicating as the victims of cyber attacks.
The requirements would also remove a one-week waiting period for notifications. At the same time, hackers had to report a breach to the FCC as well as the FBI and the Secret Service.
Rosenworcel argued that stricter rules were needed to account for the "evolutionary nature" of breaches and the risks they posed to victims. People should be protected from larger and more frequent incidents, said the FCC chairman - that is, rules must uphold the reality.
The FCC has not said when the proposal could come up for a vote, although the FCC's next open meeting is scheduled for January 27th. There is no guarantee that the Commission will implement the new requirements. It will not be surprising if the regulation goes ahead, however. While companies are now more likely to report breaches, there have been a number of high profile events where these companies took too long to contact customers or did not contact them at all. The new measures could reduce waiting times, give people better access to their data and prevent fraud.
Editor's note: This article originally appeared on Engadget.