FTC Fines Mental Health Startup Cerebral $7 Million for Multiple Privacy Violations

Apr 16, 2024NewsroomBreach of Privacy / Regulatory Compliance

Top Privacy Violations

The US Federal Trade Commission (FTC) has ordered the mental telehealth company Cerebral to use or disclose personal data for advertising purposes.

It was also fined more than $7 million in lawsuits that disclosed users’ sensitive personal health information and other data to third parties for advertising purposes and failed to honor easy cancellation policies.

“Cerebral and its former CEO, Kyle Robertson, repeatedly broke their privacy promises to consumers and misled them about the company’s cancellation policies,” the FTC said. SAYS in a press statement.

While claiming to offer “safe, secure, and smart” services to get consumers to sign up and provide their data, the company, the FTC said, did not clearly disclose that information would be shared with third parties for advertising.

The agency also accused the company of burying its data-sharing practices in dense privacy policies, with the company engaging in deceptive practices by claiming it would not share users’ data. without their consent.

Cybersecurity

The company is said to have provided the sensitive information of nearly 3.2 million consumers to third parties such as LinkedIn, Snapchat, and TikTok by integrating tracking tools within its websites and apps designed to provide advertising functions and data analytics.

The information includes names; medical and prescription histories; home and email address; telephone numbers; dates of birth; demographic information; IP addresses; pharmacy and health insurance information; and other health information.

The FTC complaint further accuses Cerebral of failing to implement adequate security guardrails by allowing former employees to access users’ medical records from May to December 2021, using insecure access methods that reveal patient information, and not restricting access to consumer data to only those employees who need it.

“Cerebral sent promotional postcards, without envelopes, to more than 6,000 patients that included their names and speech indicating the disclosure of their diagnosis and treatment to anyone who saw the postcards. ,” said the FTC.

According to the proposed order, pending approval from a federal court, the company is prohibited from using or disclosing consumers’ personal and health information to third parties for marketing purposes, and is ordered to implement a comprehensive data privacy and security program. .

Cerebral was also asked to post a notice on its website alerting users of the FTC’s order, as well as to adopt a data retention schedule and delete most consumer data that is not used for treatment, payment, or health care operations unless they agree to it. It should also provide a mechanism for users to retrieve their data.

The development comes days after alcohol addiction treatment company Monument was barred by the FTC from disclosing health information to third-party platforms such as Google and Meta for advertising without’ y allowing users between 2020 and 2022 despite claiming that such data will be “100% confidential.”

The New York-based company was ordered to notify users about disclosing their health information to third parties and ensure that all shared data is deleted.

Cybersecurity

“Monument has failed to ensure that it follows through on its promises and actually discloses health information about users on third-party advertising platforms, including highly sensitive data that reveals that its customers receive assistance to recover from their alcohol addiction,” FTC SAYS.

Last year, the FTC announced similar enforcement actions against health care service providers such as Better Help, GoodRxand Premom for sharing users’ data with third-party analytics and social media companies without their consent.

This too Warned (PDF) Amazon is against using patient data for marketing purposes after finalizing a $3.9 billion acquisition of membership-based primary care practice One Medical.

Did you find this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.

Leave a comment