NewsCovering the Nation

Actions

FCC Chairwoman pushes for change in waiting period for data breach reporting

The proposal would eliminate the 7-day waiting period.
Cell phone
Posted at 2:29 PM, Jan 31, 2022
and last updated 2022-01-31 14:29:57-05

U.S. law requires major phone companies to wait seven days before letting users know about a data breach.

It's a rule that FCC Chairwoman Jessica Rosenworcel is hoping to change.

In January, she sent out a proposal that would eliminate "the current seven business day mandatory waiting period for notifying customers of a breach," along with several other changes designed to help people protect their data.

"The idea that I could have my phone hijacked by somebody else, and used in a way that appears to be me, puts a lot of other systems at risk," said Karen Worstell, a senior cybersecurity strategist at VMware, a company which provides multi-cloud services for all apps.

"That's the reason why the FCC is looking at notifying customers early. Customers have to make a choice about what they're going to do about their phone security."

It's an idea echoed by Rosenworcel.

"[T]hese rules need updating to fully reflect the evolving nature of data breaches and the real-time threat they pose to affected to consumers," Rosenworcel said in a written statement about the proposal.

"Customers deserve to be protected against the increase in frequency, sophistication and scale of these data leaks."

Not everyone agrees.

There are currently only four people serving on the five-person Federal Communications Commission, and they are split along party lines: two Democrats and two Republicans.

President Joe Biden's nominee to join the FCC, Gigi Sohn, has been stalled in the Senate for several months.

The Senate Committee on Commerce, Science and Transportation is scheduled to vote on her nomination Wednesday.

If approved, she would still have to pass a vote of the full Senate.

FCC action can't come soon enough to save most Americans from having their personal information exposed.

By one estimate, every person in the U.S. had their data stolen four times during 2019.

Breaches have become more common since then.

"We do seem to still have an under-reporting of breaches," Worstell said.

"I'm not exactly sure why. But the understanding is that there are breaches occurring that are not currently being reported. There's a few ways that companies can avoid doing a reporting of a breach. And so many of them may be taking advantage "

Worstell said it's important for all of us to keep an eye out for unfamiliar transactions on our bank or credit card accounts.

She recommended setting up alerts with your bank.

But the most important thing consumers can do, according to Worstell, is activating two-factor authentication on any apps containing personal data.

"Two-factor authentication just means that you have your name, your user id, your password, and another code, usually something that was sent to your phone," Worstell said.

"I would implement that everywhere. Everywhere. Passwords are absolutely worthless at this point in time. If you want to put in 17-character, complex passwords on all of your accounts, go ahead and do that. They're still breakable."