UPDATE Five telecom industry associations want a federal appeals court to set aside the FCC’s new data breach reporting rules. The five are: ACA Connects – America’s Communications Association; Competitive Carriers Association; NTCA – The Rural Broadband Association; WISPA – The Association for Broadband Without Boundaries; and WTA – Advocates for Rural Broadband.
They told an appeals court in a brief filed last Thursday that the data breach reporting requirements are a burden that exceeds the FCC’s legal authority. They say the agency “erred in extending its breach notice requirements beyond customer proprietary network information.”
The Commission voted in December 2023, to expand its 16-year-old data breach notification rules, Inside Towers reported. The point is for carriers to better protect sensitive customer information. The action would also enable customers to protect themselves if their data is compromised, according to the agency.
The updates widen the scope of the Commission’s breach notification rules to cover certain personally identifiable information that carriers and telecommunications relay services (TRS) providers hold concerning their customers. They expand the definition of ”breach” to include inadvertent access, use, or disclosure of customer information. The Report and Order also requires carriers and TRS providers to notify the Commission of data breaches, in addition to their current obligation to notify the U.S. Secret Service and FBI.
GOP Commissioners Brendan Carr and Nathon Simington dissented from the Democratic majority, saying the new rules basically mimic changes adopted in 2016, that were nullified by Congress and the president. Carr said the new version “plainly violates the law,” Inside Towers reported.
CTIA agreed, noting at the time the new rules go “beyond the bounds of the Commission’s authority and [are] not harmonized with other reporting approaches. The overbreadth of these rules will also present operational challenges for wireless providers while doing little to enhance consumer protection.”
The costs associated with compliance of new and overlapping regulatory obligations like these, “detract from the core work of the associations’ members to connect existing and new customers in hard-to-serve areas and close the digital divide,” the groups told the U.S. Court of Appeals for the Sixth Circuit.
The associations say the order “undermines Congress’s connectivity goals by unnecessarily and unlawfully imposing significant compliance costs on association members, most of which are small businesses that lack dedicated privacy teams and in-house attorneys to navigate the requirements that the FCC has stacked atop existing state and federal data breach notification laws.”
By Leslie Stimson, Inside Towers Washington Bureau Chief
Reader Interactions