Updated FCC data breach rules unveiled

The Federal Communications Commission has introduced updated data breach rules for telecommunications firms that expand the definition of breach to unintended customer data access, use, or disclosure, according to The Record, a news site by cybersecurity firm Recorded Future. Aside from requiring telecommunications carriers and providers to provide breach notifications to the FCC, the new rules also mandate the release of breach notices to impacted customers within 30 days unless a deferral has been requested by law enforcement. Such changes, which come after updated breach notification requirements from the Federal Trade Commission and the Securities and Exchange Commission, have been adopted to enhance protections for personal data stored by telecommunications firms. "This information could provide insights into medical conditions, religious beliefs, and other aspects of a persons private life," said the FCC. Meanwhile, the new rules have been criticized by Republican senators, including Minority Leader Mitch McConnell, R-Ky., and Sen. Ted Cruz, R-Texas, to subvert a 2016 order from Congress limiting privacy restrictions by the FCC.