WTA Replies to Comments in Data Breach Notification Proceeding
Today, WTA filed reply comments in the FCC’s Data Breach Reporting Requirements proceeding. WTA reiterated its overall concern that because of the limited number of employees at its member companies, the FCC should coordinate its data breach reporting requirements and deadlines with those of other federal and state agencies so that the growing number of cybersecurity reporting obligations and time frames are consistent with each other to the maximum feasible extent.
On specific issues, WTA: (a) supports the continued limitation of the definition of “breach” to intentional actions; (b) supports the use of a harm-based trigger for data breach reporting obligations to limit over- reporting and preserve investigative and reporting resources; (c) supports a threshold trigger of 5,000 affected customers to further limit over-reporting and preserve investigative and reporting resources; (d) opposes extension of reporting requirements beyond the statutory CPNI limits of Section 222 of the Communications Act; and (e) supports flexibility for customer notifications.
Initial comments were filed on February 28.