FTC warns connected device orgs: Comply with breach rule, or pay up
The US Federal Trade Commission (FTC) has issued a policy statement saying that connected devices and health apps must notify users if those users’ health data is breached. Failure to comply could result in a penalty of up to $43,792 per violation per day. The statement aims to ensure that organizations not covered by HIPAA are held accountable for keeping customers’ health data safe. The FTC has also emphasized that a “breach” includes unauthorized actions and sharing in general, not just nefarious activities.