FTC fires warning against sensitive data misuse
The agency has responded to fears around biometric data breaches, including those relating to abortion services
In a clear message to all companies collecting individual data, the Federal Trade Commission (FTC) has reaffirmed its commitment to harshly enforce illegal breaches of sensitive information.
The FTC notes in a blog post there's a litany of information that can be collected to categorise and identify people’s medical histories, which has potential for dangerous exploitation particularly in the case of consumers seeking abortions.
2021 Gartner critical capabilities for data integration tools
How to identify the right tool in support of your data management solutionsFree Download
In light of the recent ruling by the Supreme Court to overrule Roe v Wade, the decision which had protected the right to choose to have an abortion, misuse of sensitive data is a point of fierce discussion.
The regulator cited cases such as that of Copley Advertising LLC as early examples of what could be a growing trend. The company had been utilizing location data to identify people entering within a certain range of clinics offering abortion in several states, and then targeting them with anti-abortion advertising.
It has since reached a settlement with the Massachusetts Attorney General for misuse of geofencing for advertising purposes.
Striking a tough tone against potentially unethical firms, the FTC further outlined its powers to not only fine companies in breach of data protection legislation, but also require them to delete data they have collected as well as any models made with the data.
People’s information can be collected and misused in more ways than one, and the post is careful to focus on the potential for information that consumers willingly track — such as blood sugar level, menstrual cycle, sleep patterns and contraceptive use — in addition to less flagged data points such as location.
Unlike the EU and UK, the US has no central data protection legislation, nor is there an explicit right to privacy within the US constitution. Instead, a range of laws and constitutional rulings cover consumers’ right to privacy, making up a complex tradition of protections that vary state-by-state.
Currently, some of the widest such legislation includes rules that the FTC enforces such as the Health Breach Notifications Rule, which states that “vendors of personal health records and related entities to notify consumers following a breach involving unsecured information”. Violation of the rule can result in a fine if up to $46,517 per violation per day.
Many rights groups argue these rules are inadequate and subject to loopholes such as legitimate sale of information to third-party brokers. The non-profit organisation Planned Parenthood has called for a federal data protection law to codify regulation of such data into law and prevent misuse by advertisers. Biometric data law is a particularly contentious issue, with similar calls within the UK right now for more transparent consumer protections around what data companies can track, and why.
In the post, the FTC specifically warns against misleading claims of ‘anonymization’ by companies, pointing out that such data can frequently be re-identified. Knowingly making such false claims to placate customer concerns around privacy will trigger FTC intervention, it asserts.
“The Commission is committed to using the full scope of its legal authorities to protect consumers’ privacy. We will vigorously enforce the law if we uncover illegal conduct that exploits Americans’ location, health, or other sensitive data,” stated the agency in the blog post.
“The FTC’s past enforcement actions provide a roadmap for firms seeking to comply with the law.”
The Total Economic Impact™ Of Turbonomic Application Resource Management for IBM Cloud® Paks
Business benefits and cost savings enabled by IBM Turbonomic Application Resource ManagementFree Download
The Total Economic Impact™ of IBM Watson Assistant
Cost savings and business benefits enabled by Watson AssistantFree Download
The field guide to application modernisation
Moving forward with your enterprise application portfolioFree Download
AI for customer service
Discover the industry-leading AI platform that customers and employees want to useFree Download