In 2014, the Securities and Exchange Commission declared that it would start imposing fines on relevant organizations that didn’t report data breaches resulting in some form of financial implication. This move was seen as very likely at a time when consumer awareness of data privacy was, and still is, heightened. For this reason, there are even higher chances that similar jurisdictions will be introduced in 2016 to enforce privacy protection among consumers in the Telecom industry.
As we speak, this has already begun happening on a larger scale. The Federal Communications Commission announced that it would fine two Telecom companies a sum of $10 because they had violated data security. This was seen as the first time the body wielded such power to impose hefty fines on companies that breach these regulations, although this task is primarily reserved for the FTC.
What current regulations say concerning fines imposed on those who don’t comply
The FCC’s recent move to announce its intention of imposing fines isn’t based on any new regulations. Instead, it’s based on the existing Communications Act, which was passed in 1934. However, this act doesn’t mention cybersecurity.
According to the FCC, the statute seeks to protect customers who have data which they want to protect from members of the public. But in the absence of concrete federal regulations, all states may experiment with the enforcement of this statute by imposing fines on noncompliance until such laws eventually exist.
In fact, 2016 has seen the definition of personal data being expanded to cover areas that it had initially omitted. For this reason, stakeholders should be prepared to deal with the frequent triggers of noncompliance notices.
Telecom companies will put more effort into crafting their response plans to avoid these penalties
The financial impact of a data breach is so huge that telecom companies cannot fathom it. And seeing that the authorities are stepping up their efforts to enforce the statute in a whole new way, telecom companies have no choice but to come up with sound response plans in 2016 and beyond.
The following are steps which they are now taking to stay relevant to the changes:
1. They are maintaining a comprehensive and updated response plan to make sure they’re able to meet any existing or new requirements
2. They are working with their respective IT teams to review how they store their consumers’ data, in addition to the kind of protective measures that must be followed
3. Finally, they are always learning from victim organizations or companies that have recently been penalized
Finally, the relevant stakeholders will apply a more complex approach to data security. Instead of using encryption, which can still be vulnerable to breaches, they are relying on a technology built into the firmware of devices, thus providing 24/7 access to their users’ mobile device ecosystem.
This way, IT teams can remotely invoke security commands to allow data recovery or deletion, just in case there is a potential threat. These measures allow IT teams to respond promptly, thus protecting data overall.