Telecommunications and cable TV companies who provide phone service will soon have to let you know if your personal information was caught up in a data breach, thanks to a Federal Communications Commission policy that goes into effect on March 13.
The filing, which was posted on Monday, broadens the definition of personal information that would trigger a need for disclosure. Prior to this rule, companies would only have to let you know if you were affected if it involved customer information like your phone bill information or usage charges. The new requirements include your name, numbers associated with government ID, email, passwords, and biometric info like fingerprints or eye scan. The filing was spotted by Bleeping Computer.
The companies have 30 days to disclose the information, unless held up by law enforcement. They also need to notify federal agencies within seven days for breaches that affect 500 or more people, or if no number can be determined.
The policy solidifies rules that were passed by the FCC in December. They also represent the first update to breach notification rules in 16 years, finally changing them to reflect an environment where data breaches are an increasingly common occurrence.
The definition of breach was also expanded to include the inadvertent use of customer information, so it doesn’t just include malicious hacks.
Please follow us on Facebook and X for more news, tips, and reviews. Need cord cutting tech support? Join our Cord Cutting Tech Support Facebook Group for help.