Broadband Providers Battle FCC Over New Data Breach Rules

Broadband industry groups are asking a federal appeals court to scuttle the Federal Communications Commission's new disclosure obligations on telecommunications companies that suffer data breaches. The agency specifically required companies to notify consumers, federal law enforcement agencies and the agency about all breaches—even “inadvertent” ones—that expose personally identifiable information, including sensitive financial information. The broadband lobbying groups argue that Congress stripped the FCC of authority to issue the new regulations. The groups point to Congress's 2017 decision to revoke privacy rules passed by the FCC during the Obama administration. Those rules—which never actually took effect—would have required broadband carriers to obtain consumers' permission before harnessing information about their web activity for ad targeting. The Obama-era privacy rules also required providers to notify customers and law enforcement agencies about some data breaches that exposed personally identifiable information. Congress repealed the regulations under the Congressional Review Act. Congress has only rarely used the Congressional Review Act, and it's not clear how courts will determine when new rules are “substantially” the same as revoked ones.