Read at Theregister
The US Federal Communications Commission (FCC) has finalized new reporting requirements that give telecos only seven days to disclose a breach in their systems. The rule, which was proposed in January and released today, also eliminates the seven-day waiting period for reporting break-ins to consumers. Additionally, telcos must now report attacks and data leaks to the FBI and US Secret Service within the same seven-day timeframe.
"Reasonable determination" of a data breach is defined as "when the carrier has information indicating that it is more likely than not that there was a breach" and "does not mean reaching a conclusion regarding every fact surrounding a data security incident that may constitute a breach."
The FCC's new rule expands the scope of data exposure types that telecom customers must be notified of. Previously, customers only had to be informed if Customer proprietary network information (CPNI) was exposed. Now, personal identifiable information (PII) must also be included in breach reporting.
Personal identifiable information (PII) wasn't included in previous reporting requirements.