In December 2023 the FCC adopted updated data breach notification rules applying to telecommunications carriers, interconnected VoIP providers, and telecommunications relay services. The update expanded the scope of personally identifiable information covered and broadened the definition of a "breach."
🔑 Inadvertent now counts
The key change is that a "breach" now includes the inadvertent access, use, or disclosure of customer information, not just intentional acquisition. An accidental exposure can therefore trigger notification obligations.
⚠️ Not the same as state breach laws
These rules are enforced by the FCC, and they are distinct both from the CPNI rules under the Telecommunications Act and from state data breach notification laws, which are typically enforced by state attorneys general.
Key terms - quick answers
What are the “FCC 2023 breach rules”?
Updated data breach notification rules the FCC adopted in December 2023 for telecommunications carriers, interconnected VoIP providers, and telecommunications relay services; enforced by the FCC.
What is the “Broadened 'breach' definition”?
Under the 2023 rules, a breach includes the inadvertent access, use, or disclosure of customer information, not only intentional acquisition.
What is “Expanded covered PII”?
The 2023 rules expanded the scope of personally identifiable information covered by the notification obligation.
What is the “Enforcing agency”?
The FCC enforces these rules; they are distinct from the CPNI rules under the Telecommunications Act and from state breach-notification laws enforced by state attorneys general.