The FCC has adopted updated breach notification rules to ensure that providers of telecommunications, interconnected Voice over Internet Protocol (VoIP), and telecommunications relay services (TRS) adequately safeguard sensitive customer information. The FCC’s updated rules: (1) expand the scope of the FCC’s breach notification rules to cover certain customer personally identifiable information that carriers and TRS providers hold; and (2) expand the definition of what constitutes a “breach.”
Additionally, the adopted rules will: (1) require carriers and TRS providers to notify the FCC of any breach through the existing central reporting facility; (2) eliminate the requirement to notify customers of a breach in instances where a carrier or TRS provider can reasonably conclude that no harm to customers is reasonably likely to occur; and (3) eliminate the mandatory waiting period for carriers and TRS providers to notify customers and instead require such carriers and TRS providers to notify customers of covered data breaches without unreasonable delay.