This article first appeared in New Scientist.
The US Federal Communications Commission is considering new regulations to help protect consumers from data breaches that could result in their personal information being exposed in online attacks.
The proposed rules, to be unveiled by commissioners on Monday, would require internet service providers to collect and share customer data on the basis of consent, as well as a data retention requirement that would keep the data for three years.
The move is aimed at curbing online crime, which has been increasing in recent years.
The FCC is considering a range of new rules, including ones that would require companies to encrypt customer data, such as a requirement to provide encrypted data to US authorities.
It also wants internet service companies to share data with law enforcement, a requirement that is often ignored in the US.
The FCC is seeking public comments on the proposed rules before it makes them final, which could take several months.
The rules would require broadband companies to protect customers from “cyber attacks” that can cause data to be deleted, deleted without consent or stolen.
These attacks may also include a hacking attack that involves the taking or modification of a data source.
The FTC proposed rules in March that would mandate data retention for up to three years, but only for a maximum of 30 days.
These rules were backed by consumer groups and businesses.
“The FTC’s proposal would require ISPs to create a record of every customer account accessed, including the date, time and IP address of every user who visited the internet service provider’s website, and would require that ISPs maintain a copy of each such record for three months after the last use,” the FCC said in a statement.
A number of internet service firms are also expected to appear before the commission, including Comcast, Verizon, AT&T and Charter.