Skip to main content

Businesses Pan FCC Data-Breach Deadlines

The State Privacy and Security Coalition has asked the FCC to grant the petitions of ISPs, ad agencies and others to reconsider its broadband privacy rules.

It is preaching to the choir when it comes to the Republican FCC majority, which voted last week to stay part of the rules implementation and signaled they wanted to revamp the rules, or deed broadband privacy authority back to the Federal Trade Commission--whichever comes first.

In a filing with the FCC, the coalition, which identifies itself as representing 25 leading communications, technology, retail, and media companies and six trade associations (business leagues, chambers of commerce, real estate boards, according to ProPublica), took particular aim at the breach notification dealines in the order, which it says are are "confusingly out of kilter" with state and Federal Trade Commission deadlines--the FTC deadlines are for edge provider data collection, rather than ISPs, which the FCC privacy rules apply to.

The coalition says none of 47 state breach notification laws require the seven-day notice to law enforcement and 30-day consumer notification deadlines. It says most states have no consumer notice deadline and those that do have at least 45 days.

"[C]omplex breaches take time to investigate," they argue. "It does not help anyone if businesses notify consumers prematurely with incorrect information."

They also take aim at the FCC definition of sensitive information, saying that the degree to which it differs from the FTC's approach and state privacy and security statutes would "create consumer confusion and hinder innovation."

It said the FCC rules "would be more effective if it were aligned with state laws pertaining to the security of sensitive data definitions."