On February 12, 2024, the FCC published in the Federal Register the Report and Order (“R&O”) updating the Commission’s data breach notification rules aimed at ensuring that telecommunications carriers and interconnected VoIP providers, along with telecommunications relay service (“TRS”) providers adequately safeguard sensitive customer information.
The Report and Order is effective March 13, 2024, except for the amendments to the following provisions, which are delayed indefinitely to obtain OMB approval:
- 47 C.F.R. § 64.2011 Notification of Security Breaches (instruction 3), which requires telecommunications carriers to notify the Commission and Federal Law Enforcement of certain breaches as soon as practicable and not later than seven business days after determination of a breach, notify consumers of certain breaches as soon as possible after notification to the Commission and Federal Law Enforcement and no later than 30 days after reasonable determination of a breach, comply with certain recordkeeping requirements, and submit annual reports of certain small breaches.
- 47 C.F.R. § 64.5111 Notification of Security Breaches (instruction 4), which requires TRS providers to comply with substantially similar reporting and recordkeeping requirements as those set forth in section 64.2011.
The FCC will publish notice of the effective date of these provisions in the Federal Register once it receives OMB approval.
For additional information please see previous blog post FCC Releases Adopted Data Breach R&O.
Please Contact Us if you have any questions.
The post FCC Publishes Data Breach R&O in Fed. Reg. first appeared on Telecommunications Law Professionals, PLLC.