Developers of Health Apps Must Disclose Data Breaches
According to the Federal Trade Commission, app developers that receive sensitive consumer data and health records from third parties must notify the FTC, affected US customers, and in some situations the media in the event of a security breach, eMarketer reports. Companies that fail to comply are subject to daily fines of $43,792 per infringement, up to a maximum of $43,792 per infraction.
Because no further regulation had been issued, this policy was overlooked and firms did not follow it; the FTC has now agreed on a new policy statement. The original policy is over a decade old, and many companies either did not know it was in place or did not understand it.
More and more digital health apps (more than 90,000 were developed last year alone, or about 250 per day) are in use, increasing the likelihood that sensitive user data will be collected and shared.
Unfortunately, the disturbing truth is that most of the mobile health apps on the market today can be compromised and have their data breached. According to IQVIA, 88% of them are capable of collecting and sharing user data.
Apparently, customers do not care as much about data breaches as the FTC does
According to a Deloitte Connectivity and Mobile Trends survey conducted in July 2021, 60% of US adults aged 14 and older who use wearable devices say they are not concerned about the privacy of the data collected by fitness trackers or smartwatches.
Nevertheless, users of wearable gadgets and health apps are expected to disengage from a product following a security vulnerability.
As a result, numerous digital health providers will be compelled to comply with the FTC's directive in order to avoid incurring significant fines. As an example, a noncompliant corporation could face over $500,000 in fines in as little as two weeks for neglecting to notify customers or the media of a data breach.