United States of America: Adopted FCC Rule updating Data Breach Reporting Requirements

On 13 December 2023, the Federal Communications Commission (FCC) adopted the Data Breach Notification Rules. The revised rules aim to ensure that providers of telecommunications, interconnected Voice over Internet Protocol (VoIP), and telecommunications relay services (TRS) adequately protect sensitive customer information. The updated rules seek to expand the scope to cover certain personally identifiable information. It also expands the definition of "breach" to include inadvertent access, use, or disclosure of customer information. In addition, providers must notify the FCC, alongside the existing obligation to notify the Secret Service and the Federal Bureau of Investigation. Carriers and TRS providers must notify customers of breaches without unreasonable delay, within 30 days of discovering a breach, unless law enforcement requests a delay.