The U.S. Federal Communications Commission (FCC) has updated its privacy protection rules and breach notification requirements. The new rule expands the scope of breach notification requirements to cover all personal identifiable information held by carriers and telecommunications relay service providers. They must provide individual notifications within seven business days of a breach affecting 500 or more customers. The updated rules were approved by three Democrats on the commission, while the two Republicans dissented. Data breaches have become more frequent and severe over the past two decades, according to the FCC. The think tank Public Knowledge praised the new rules for holding carriers accountable for protecting customer data. However, broadband providers are exempt from the rule due to the FCC’s limited regulatory power over them. The FCC first adopted breach notification rules in 2007 to protect against fraud.
