Telecom business aren’t needed to alert clients about every breach. A Federal Communications Commission order in December 2023 embraced a “harm-based notification trigger” in which “notification of a breach to consumers is not required in cases where a carrier can reasonably determine that no harm to customers is reasonably likely to occur as a result of the breach, or where the breach solely involves encrypted data and the carrier has definitive evidence that the encryption key was not also accessed, used, or disclosed.”

The FCC stated that damage needing notices can consist of, however is not restricted to, “financial harm, physical harm, identity theft, theft of services, potential for blackmail, the disclosure of private facts, the disclosure of contact information for victims of abuse, and other similar types of dangers.”

The FCC order argued that the harm-based requirement would let providers “focus their time, effort, and financial resources on the most important and potentially harmful incidents” and secure “customers from over-notification and notice fatigue, specifically in instances where the carrier has reasonably determined that no harm is likely to occur.”

Senator: Telecoms must inform clients

United States Sen. Ron Wyden (D-Ore.) today slammed the providers for having weak security and the FCC for “let[ting] phone companies write their own cybersecurity rules.” Wyden proposed legislation to intensify telecom security requirements.

A representative for Wyden today stated that providers ought to alert the impacted clients.

“Senator Wyden strongly supports the phone companies notifying their customers about the theft of their data,” the representative informed Ars. “Not only do Americans have a right to be told that their information was stolen, but this is useful information that could result in some consumers voting with their wallets and switching service to carriers that retain less data and or have better cybersecurity.”

Stanford University scientists gathered and studied telephone metadata for a 2016 paper to figure out how it might be utilized versus consumers. “Using crowdsourced telephone logs and social networking information, we find that telephone metadata is densely interconnected, susceptible to reidentification, and enables highly sensitive inferences,” they composed.