As the new FCC Chairman rapidly reverses the commission’s stance on privacy protection and cyber security, small businesses are faced with the need to tighten their own security protocols to protect their sensitive data.
Many business owners assume that the Federal Communications Commission has a set of stringent rules designed to regulate the actions of internet service providers and help protect the security of sensitive business data transmitted over the web. However, recent steps were taken by the newly appointed FCC Chairman Ajit Pai clearly demonstrate that this is not the case. According to Pai, the FCC has no role to play in communications cyber security, and this change in approach by the FCC leaves internet service providers free to sell their customer’s sensitive data without oversight. For businesses across industries, this shift in the FCC’s stance on their role in privacy protection and cyber security signals a need for stronger cybersecurity protocols at the corporate level.
Before this policy shift, the FCC was working on new and robust privacy rules that would have placed greater constraints on what internet service providers could do with private customer information. In general, service providers would have been required to let their customers know that their data was being collected and gain affirmative opt-in consent before utilizing the data or sharing it with any third-parties. Given that internet service providers have access to a wide range of sensitive data including financial information, internet history, email content, Social Security numbers and more, these rules would have served to protect small businesses from having their sensitive data exploited.
New FCC Chairman Pai, however, had suspended these new regulations before they even had a chance to go into effect. Moreover, under Pai’s direction, the FCC has also reversed course on plans to enact federal regulations that would require Internet service providers to let their customers know when a data security breach has occurred, deferring to state laws instead. This change in policy means that businesses may not even find out when hackers have gained access to sensitive and critical data through an attack aimed at their internet service provider. What is the reasoning for these changes on the FCC’s part? The new FCC Chairman is responding to two key groups: Internet service providers who disliked the cost of the regulations and the industry trade groups that benefit from purchasing sensitive information from Internet service providers.
In the face of this shift in rules and regulations at the FCC, what should business owners do? To a great extent, many small businesses should take these policy changes as an important reminder of the need to maintain strong cybersecurity in general. Treating any data that is shared over the internet as potentially vulnerable is a good practice, and enacting robust protocols to encrypt and protect the sensitive business or customer data is a smart move in any climate.
Concerned that your business’ sensitive data might be at risk? The cyber security experts at InfiNet Solutions can evaluate your security protocols and check for weak spots that could leave your firm vulnerable. Contact us today at (402) 895- or firstname.lastname@example.org to learn more.