New FCC rule oblige ISPs to report data breach within the seven days
The Federal Communications Commission has introduced updated reporting requirements for ISPs in the US. They will have seven days to officially disclose criminal breaches in their systems
The US Federal Communications Commission (FCC) modifies the data breach notification rules, to held internet service providers (ISPs) in the US accountable in their obligations to: ‘safeguard sensitive customer information, and to provide customers with the tools needed to protect themselves in the event that their data is compromised’
The FCC rules that ISPs needs to rapport the data breach or lost of the users data, within the seven days from the occurrence. The same deadline now exists to report any data leaks to the FBI and US Secret Service. The FCC also adopts its proposal to expand its definition of “breach” for telecommunications carriers to include inadvertent access, use, or disclosure of customer information, except in those cases where such information is acquired in good faith by an employee or agent of a carrier, and such information is not used improperly or further disclosed.
After being proposed in January, and after 30 days period for consultations, the FCC officially adopted the changes with their final rule. The new rule goes into effect on March 13 and covers telecom relay service providers as well.
About author
DW Team
The GIP Digital Watch Observatory team, consisting of over 30 digital policy experts from around the world, excels in the fields of research and analysis on digital policy issues. The team is backed by the creative prowess of Creative Lab Diplo and the technical expertise of the Diplo tech team.