September 28, 2021
Partner Laura Riposo VanDruff
was quoted in a recent DigiDay
article discussing the FTC’s new approach in applying the Health Breach Notification Rule to govern the privacy and security of data in fitness apps and other technology used to monitor health. Although no companies have yet been charged under the rule, the FTC’s goal is to better align enforcement with how health data is handled.
VanDruff, who recently served as assistant director in the FTC’s Division of Privacy and Identity Protection inside its Consumer Protection Bureau, calls the plan to apply the existing health breach notification rule to health apps a “significant expansion” of the original interpretation. “I’m not sure that the FTC has identified where the guardrails are, the policy statement raises so many questions for companies that provide health and wellness and fitness services, and the statement doesn’t answer those questions about what companies can do.”
Read the full article here.