[HN Gopher] FCC: Telcos must now tell you when your personal inf...
___________________________________________________________________
FCC: Telcos must now tell you when your personal info is stolen
Author : rntn
Score : 144 points
Date : 2024-02-12 19:44 UTC (3 hours ago)
(HTM) web link (www.theregister.com)
(TXT) w3m dump (www.theregister.com)
| SlightlyLeftPad wrote:
| Balls of steel the FCC has. Is this the first consumer friendly
| thing they've actually done in a couple decades?
| rsynnott wrote:
| I mean, that doesn't seem _particularly_ tough.
| tristor wrote:
| I like how this is considered "tough". What would be tough is
| instituting actual data security and privacy regulations that
| telcos and service providers have to follow at risk of being
| fined out of business to be replaced by an organization that can.
| bdcravens wrote:
| I suspect it being stolen is less common than it being sold.
| m463 wrote:
| I get hardcore phishing emails sent to the email address I have
| only used with AT&T DSL. Full email address, full first,
| middle, last name.
| doublerabbit wrote:
| Curse my cynical mind of the delayed "ohhh, we had no idea we
| were breached. Sorry about that folks btw your details were
| stolen lol" excuse.
| happytiger wrote:
| Yea, that'll teach them. Now they have to _tell you_ when they
| utterly fail to protect you.
|
| Just as hard hitting as making robovoices illegal rather than
| requiring providers to end spam calls on their networks
| effectively.
|
| https://www.fcc.gov/document/fcc-makes-ai-generated-voices-r....
|
| Bear in mind this is the TOP consumer complaint. And they have
| done basically a minor law change to clarify that the law still
| applies, and that it's definitely still illegal. Uh, but they
| haven't addressed the problem or fixed it in any substantive way.
|
| Such a _tough_ FCC.
|
| I will say that Jessica Rosenworcel is an angel compared to Ajit
| "Screw Consumers ITB As Much As Possible" Pai. I miss that guy
| like a hemorrhoid. I'm sure he's enjoying his job as a partner at
| the private-equity firm Searchlight Capital where he is now
| seeking to "close the gap" on the broadband failures he was
| largely responsible for expanding for several years.
|
| https://www.wsj.com/articles/searchlight-capital-bets-on-uni...
|
| It's amazing. The FCC seems to be either very bad at their job or
| completely 0wn3d by the revolving door of private industry.
| drtz wrote:
| > Such a tough FCC.
|
| I had the same thought: this is "tough?"
|
| No fines for failing to protect your data? No additional
| requirements for data security? They just have to tell you when
| they screwed up.
|
| _sigh_
| happytiger wrote:
| Yea. This is failure masquerading as improvement as far as I
| can honestly tell. The idea that someone thought it was a
| good idea to put out a press release or whatever is a little
| baffling.
|
| It should read, "FCC once again fails to substantively
| improve the lives of consumers OR address data breaches and
| the loss of consumer data by countless companies."
|
| It's baffling. But it's still better than the TSA. ;)
| RajT88 wrote:
| Once upon a time the FCC had a reputation as the "Benevolent
| Dictator" (at least when I once worked for an ISP).
|
| No longer.
| KRAKRISMOTT wrote:
| They need to carry identity theft insurance for sim swapping
| and other similar attacks, or if a rogue employee misuses the
| data (very common considering that they probably have tens of
| thousands of front line staff with access to customer data).
| throwbadubadu wrote:
| ... what's up next in this tough cruel world? Banks must tell you
| when someone stole your money? Companies must tell you when they
| go bankrupt and gambled your assets? I fear madness ahead.
| aeternum wrote:
| One major problem is that PII/Personal info is uselessly broad.
|
| Legislation like this would be much more useful if it had clear
| rules or fines for various levels of PII. For example, getting
| your social security number stolen is significantly worse than a
| stolen e-mail address or phone number.
|
| All the notifications about e-mail being "stolen" are just noise
| that few care about.
| ummonk wrote:
| What's actually insane is treating an unchanging non random 9
| digit retirement benefits identifier as some kind of secret,
| knowledge of which is assumed to be proof of identity.
| dylan604 wrote:
| So immediately after a new user signs up, they should just send
| out an email saying their data has been taken. Save everyone
| time.
| Repulsion9513 wrote:
| The <title> is much more accurate: FCC publishes final version of
| new breach report rules
| johnny99k wrote:
| I think I've gotten at least 5 different notices in the mail from
| different companies (healthcare, kids school) that told me my
| info was involved in a breach. I figured some new law must have
| gotten passed because most companies would never do this
| willingly.
| WaitWaitWha wrote:
| You know what is even more frustrating?
|
| When I get 5 different notices in the mail from different
| companies that told me my info was involved in a breach, _and
| I never did direct business with any of them or have been
| notified that my data has been given to them, ever._
| nottorp wrote:
| Why just telcos?
| dredmorbius wrote:
| Because the remit and legislative mandate of the US Federal
| Communications Commission is ... communications:
|
| _As specified in section one of the Communications Act, the
| Commission's mission is to "make available, so far as possible,
| to all the people of the United States, without discrimination
| on the basis of race, color, religion, national origin, or sex,
| rapid, efficient, Nation-wide, and world-wide wire and radio
| communication service with adequate facilities at reasonable
| charges." 1 In addition, section one provides that the
| Commission was created "for the purpose of the national
| defense" and "for the purpose of promoting safety of life and
| property through the use of wire and radio communications."_
|
| FEDERAL COMMUNICATIONS COMMISSION Fiscal Year 2008 Performance
| and Accountability Report, p. 4:
| <https://transition.fcc.gov/Reports/ar2008.pdf>
|
| For general commercial enterprise requirements, you'd want the
| Federal _Trade_ Commission, whose mandates are antitrust and
| general consumer protection.
| timmattison wrote:
| Wow, they have to do what other companies have to do. Brutal. /s
| 1970-01-01 wrote:
| I'm sorry, but a set of circumstances have led to your data being
| lost. We're making sure that set of circumstances will never
| occur exactly the same way it did.
|
| Sincerely,
|
| James Johnson Jr.
|
| CEO BigNetCorp
| olliej wrote:
| I'll take it as being tough when companies are financially liable
| for data exposure along the same lines of HIPAA. Maybe something
| akin to:
|
| * $10 per element of data not directly required for legal
| purposes or for the direct provision of services explicitly
| requested by customers (e.g. their shipping address)
|
| * $2 per element of data not legally mandated.
|
| For data stored to meet legal data retention requirements:
|
| * If the law requires that information be made available in a
| fully automated and online manner, then $0.50 per element of
| data, and $5 per element of data from the government (state vs
| federal) that mandated the data be stored and accessible
|
| * If the law does not require fully automated online access, then
| if the data is not encrypted such that it requires concurrent
| action by multiple employees to decrypt, then it's $100/data
| (e.g. no claiming it's needed for legal reasons but keeping it
| accessible for profit reasons).
|
| Essentially, make it so customer data is not purely a balance
| sheet asset.
|
| Also make it so credit agencies knowingly reporting incorrect
| information is a crime, and make them liable for all costs
| incurred (higher interest rates) and financial penalties for
| extreme cases (refusing loans outright, refusing rental,
| demanding higher deposits, etc). The fact that the agencies
| themselves are selling "monitoring services" shows that they are
| aware that their reporting is fraudulent.
| balderdash wrote:
| There should also be a sliding scale element e.g. fines doubled
| if more than 100k customers are affected, if over a million the
| greater of 20% of gross profit or 10x the fine...etc.
| apapapa wrote:
| So futuristic
___________________________________________________________________
(page generated 2024-02-12 23:00 UTC)