Commenters Disagree on TRS Breach Reporting Requirements
Commenting on proposed FCC data breach rules (see 2302230038), groups representing the deaf and hard of hearing urged a focus on telecommunications relay service providers. “Overall, rules concerning TRS should account for the unique privacy concerns faced by TRS users, including the possibility that call transcripts could be accessed in a data breach,” the advocates said: “These rules should not include harm-based trigger notification requirements and should not treat cost as a barrier to implementation.” The filing was signed by Telecommunications for the Deaf and Hard of Hearing, Hearing Loss Association of America, National Association of the Deaf and the Rehabilitation Engineering Research Center on Technology for the Deaf and Hard of Hearing at Gallaudet University. TRS provider Sorenson Communications said it and other providers should have to report “inadvertent disclosures” of customer proprietary network information. But the FCC should recognize “the legitimate dangers of over-reporting,” Sorenson said: “Many inadvertent ‘breaches’ pose no serious risk to consumers, such as when an employee of a TRS provider inadvertently receives access to CPNI but does not misuse the information. Requiring providers to report such de minimis ‘breaches’ -- essentially false positives -- would serve no helpful purpose.” Provider Hamilton Relay said the commission should keep in mind “how TRS providers are different from common carriers with regard to the services they provide and the information they collect from their customers.” The FCC should also consider “how its proposed rules will align, or potentially conflict, with existing state and federal privacy regimes,” Hamilton said. Comments were posted last week in docket 22-21.