On September 6, 2023, the Federal Trade Commission (FTC) finalized its settlement with genetic testing firm, 1Health.io Inc., previously known as Vitagene. The settlement was the result of allegations by the FTC that the company had failed to sufficiently safeguard consumers’ DNA data.
According to the FTC, 1Health.io violated Section 5 of the FTC Act. This violation was due to the firm’s alleged misrepresentation of the privacy and security measures it had in place to protect sensitive consumer DNA data. 1Health.io was also accused of altering its privacy policy without obtaining necessary approval or adequately informing its consumer base.
For international corporations and law firms dealing in areas of data security and privacy, this case underlines the import of maintaining stringent protections for sensitive personal information, beyond just adhering to the sector-specific standards. The clear message sent by the FTC is that legal and statutory obligations extend to honouring the assurances made to customers about data security.
Businesses should be reminded that transparency is paramount when it comes to changes in privacy policies. Any such changes should be widely communicated to customers and, when applicable, customer consent should be properly documented. Failure to adhere to these standards could lead to costly and reputation-damaging legal penalties, as seen in 1Health.io’s case.
It would be useful for corporates and law firms to review their existing privacy and data protection policies in light of this case. The FTC’s enforcement actions offer valuable insights into potential pitfalls and reinforce the need to keep abreast of evolving data privacy regulations.