The CyberWire: Feedback on FCC breach reporting requirements

March 29, 2023

In January the US Federal Communications Commission (FCC) announced proposed changes to its data breach reporting requirements, asking for comment by March 24. Telecom industry leaders have shared their feedback, and, as Fierce Telecom explains, they have some concerns. For one, they do not feel the FCC should expand its definition of the term “data breach” unless they also add a “harm-based trigger” for reporting. In other words, they believe reporting requirements should be dependent on the amount of harm caused by the incident. Of course, such a system would also be dependent on the definition of “harm,” and industry groups also have differing opinions there. USTelecom, Verizon, and the Cellular Telephone Industries Association feel reporting should have a threshold trigger based on the size of the breach. However, the Electronic Privacy Information Center, Center for Democracy and Technology, and Public Knowledge such thresholds could overlook the fact that, for consumers, any “unauthorized access of their data is inherently harmful,” regardless of the breach’s size.

Read the full article here.

Support Our Work

EPIC's work is funded by the support of individuals like you, who allow us to continue to protect privacy, open government, and democratic values in the information age.