Skip to main content

FTC Ramps Up Data Protection Enforcement with Emphasis on Health Breach Notification Rule

July 21, 2023

Privacy, Cybersecurity & Data Strategy counsel Nancy Perkins was quoted in the recent Law360 article "Top Privacy Developments Of 2023: Midyear Report." The story highlighted the rapidly evolving privacy and cybersecurity landscape, including increased state privacy laws, intensified FTC scrutiny, and the growing risk of cyberattacks on a global scale.

Perkins drew attention to the FTC's proposed amendments to the agency's Health Breach Notification Rule, which was adopted in 2009 but never enforced until 2023. She said that the FTC, through its proposed amendments, would codify its relatively recent interpretation of the rule as applicable to many health apps and similar technologies. Use of the Health Breach Notification Rule as an enforcement tool enables the agency to impose penalties for unauthorized disclosures of personal information in a manner the FTC's more general authority does not, Perkins noted. She observed that the FTC's actions related to the privacy and security of health data appear to reflect the agency's focus on gaps left by the limited scope of the HIPAA privacy regulations and that companies not subject to HIPAA will need to scrutinize their practices involving personal information to ensure they do not transgress FTC data protection standards.

»Read the full article (subscription required).