Freeman Quoted on Uptick in Health Care Data Breach Enforcement by FTC
"Up until recently, most people thought of a breach as an intruder coming in and taking personal information," Reed said. "But under the Health Breach Notification Rule, what's considered a breach is much broader and will require companies to ensure that their publicly facing privacy policies align precisely with their data disclosure practices."
For those who commit first-time violations of privacy policies, the FTC has the authority under the Health Breach Notification Rule, which was established in 2009, to impose significant civil penalties, as Reed emphasized. He added, "The clear message to the industry is that they really have to know what data is leaving their company and for what reason."
Reed noted, "The big question in these cases is whether the same type of rules the FTC is trying to enforce in regard to obtaining consent before sharing health applies to all categories of sensitive data, including biometrics, TV viewing habits, and, potentially, even web surfing behavior. There doesn't really seem to be a limiting principle to the FTC's enforcement regime, and it will be interesting to see if someone litigates this."
Read the full article here.
- Related Practices