A federal appeals court has voted in favor of the Federal Communications Commission's rules for data breach reporting, reports The Record, a news site by cybersecurity firm Recorded Future.
Industry groups had challenged the rules, claiming they exceeded the FCC's authority, but the court disagreed in a 2 to 1 decision. The regulations require telecom companies to report breaches that involve at least 500 customers personally identifiable information. The reporting must be done within seven business days. The rules update the FCC's breach reporting requirements for the first time in 16 years, expanding the coverage from traditional data such as call records and billing info to include PII such as Social Security numbers and email addresses. The rules were approved in December 2023 and enforced starting March 2024. The majority judges determined that the FCC has authority to impose the data breach reporting regulations and confirmed that the rules do not violate the Congressional Review Act. TracFone, T-Mobile, and AT&T are some of the telecom companies that have been involved with high-profile data breach settlements with the FCC in recent years.
Industry groups had challenged the rules, claiming they exceeded the FCC's authority, but the court disagreed in a 2 to 1 decision. The regulations require telecom companies to report breaches that involve at least 500 customers personally identifiable information. The reporting must be done within seven business days. The rules update the FCC's breach reporting requirements for the first time in 16 years, expanding the coverage from traditional data such as call records and billing info to include PII such as Social Security numbers and email addresses. The rules were approved in December 2023 and enforced starting March 2024. The majority judges determined that the FCC has authority to impose the data breach reporting regulations and confirmed that the rules do not violate the Congressional Review Act. TracFone, T-Mobile, and AT&T are some of the telecom companies that have been involved with high-profile data breach settlements with the FCC in recent years.
