1,285 enforcement actions from 14 federal and state jurisdictions. Every event traced back to its official government source.
1,285
Total Actions
14
Jurisdictions
$35.3B+
Total Fines Tracked
Attorney General William Tong led a coalition of 42 states and territories to urge the FDA to preserve state consumer protection authorities for over-the-counter hearing aids, concerned that the proposed rule could preempt state laws and lack adequate age verification and labeling requirements.
The FTC finalized a settlement with SkyMed International, Inc., an emergency travel services provider, for failing to secure sensitive consumer data and deceiving consumers about HIPAA compliance. The company left a cloud database with 130,000 membership records unsecured, containing personal and health information. Under the settlement, SkyMed must notify affected consumers, implement a security program, undergo biennial assessments, and is prohibited from misrepresenting its data practices.
The FTC settled with Flo Health, Inc., developer of a popular fertility-tracking app, alleging it misled users by sharing sensitive health data with third-party analytics providers like Facebook and Google after promising to keep such data private. The proposed consent order requires Flo to obtain user consent before sharing health data, notify affected users, and destroy previously shared data, among other requirements.
SkyMed International, Inc. settled FTC allegations that it failed to secure sensitive consumer data, including health information, leaving a cloud database with 130,000 records exposed to the public. The FTC also alleged that SkyMed misrepresented HIPAA compliance on its website. As part of the settlement, SkyMed must implement a comprehensive security program, undergo biennial third-party assessments, and send notices to affected consumers.
The FTC settled with Ortho-Clinical Diagnostics, Inc. for misleading consumers about its participation in the EU-U.S. Privacy Shield framework. The company allowed its certification to lapse in 2018 but continued to claim participation. The settlement prohibits such misrepresentations and requires compliance with Privacy Shield obligations for data collected or deletion of such data.
The California Attorney General filed a complaint against Kaiser Foundation Health Plan, Inc. for improperly disposing of patient medical records containing protected health information. The records, including diagnoses and lab results, were found discarded at a recycling facility, violating patient privacy. The action alleges breaches of the California Confidentiality of Medical Information Act.
All data sourced from official government enforcement pages.