Federal Trade Commission File a Complaint with the FTC Order Printed FTC Publications The FTC's Privacy Poilicy Search the entire FTC website
Privacy Initiatives
Privacy Initiatives Home
Unfairness & Deception
Financial Privacy
Credit Reporting
Children's Privacy

Iconix Brand Group Settles Charges Its Apparel Web Sites Violated Children's Online Privacy Protection Act

CVS Caremark Settles FTC Charges

Consumer Electronics Company Agrees to Settle Data Security Charges; Breach Compromised Data of Hundreds of Consumers

FTC Says Mortgage Broker Broke Data Security Laws: Dumpster Wrong Place for Consumers’ Personal Information

Sony BMG Music Settles Charges Its Music Fan Websites Violated the Children’s Online Privacy Protection Act

Mortgage Company Settles Data Security Charges

Financial Privacy Rule: Interagency Notice Research Project

Protecting Personal Information: A Guide for Business
Health Breach Notification Rule
 

Does your business or organization have a website that allows people to maintain their medical information online? Do you provide applications for personal health records – say, a device that allows people to upload readings from a blood pressure cuff or pedometer into their personal health record?

The American Recovery and Reinvestment Act of 2009 includes provisions to strengthen privacy and security protections for this new sector of web-based businesses. The law directed the Federal Trade Commission to issue a rule requiring companies to contact customers in the event of a security breach. After receiving comments from the public, the FTC issued the Health Breach Notification Rule.

Under the FTC’s Rule, companies that have had a security breach must:

  1. Notify everyone whose information was breached;
  2. In many cases, notify the media; and
  3. Notify the FTC.

The FTC has designed a standard form for companies to use to notify the FTC of a breach. The FTC will begin enforcement on February 22, 2010.

The FTC’s Health Breach Notification Rule applies only to health information that is not secured through technologies specified by the Department of Health and Human Services. Also, the FTC’s Rule does not apply to businesses or organizations covered by the Health Insurance Portability & Accountability Act (HIPAA). In case of a security breach, entities covered by HIPAA must comply with HHS’ breach notification rule.

com

National Do Not Call Registry Information ID Theft Data Clearinghouse FTC's website on spam
Federal Trade Commission
Home | Unfairness & Deception | Financial Privacy | Credit Reporting | Children's privacy