The Federal Trade Commission has proposed a stipulated order against a company that released an ovulation app. This is following allegation about violations of the FTC Act. The app allowed users to input and track personal and health information. However the company failed to have adequate privacy and data security measures in place.
However, it was shown that the company did share information with third-parties and Google. This counts as a breach of the Health Breach Notification Rule.
The FTC’s proposed order has certain stipulations as well as a monetary penalty. The order has strict rules regarding:
- Disclosing information with express consent
- When trying to obtain consent to share data the notice must contain clear information about what will happen with the data
- A permanent ban on sharing information to third-parties for marketing purposes without express consent
- Notifying those involved in any data breach as well as the FTC
- Obtaining and cooperating with a third-party auditor to conduct an independent review of their ISP
- Getting written confirmation that any third-parties that received the unauthorized information have deleted it all.
The company has also been told to pay $100,000 and they will be required to annual certify with the FTC that they are compliant with this order.
Value Privacy’s experts are on hand to make sure that you and your company aren’t caught out by new or existing privacy laws.
You can find out more about the services we offer or just get in touch with us directly with any questions you have about how privacy laws impact you.