FTC Obtains Settlement From Cord Blood Bank In Data Theft Action


On February 5, a federal district court in California approved a settlement recently obtained by the FTC, which (i) requires a California-based firm that operates a cord blood bank to establish a comprehensive information security program and submit to security audits by independent auditors every other year for 20 years, and (ii) prohibits the company from misrepresenting its privacy and security practices. The FTC alleged that the firm violated the FTC Act by failing to use reasonable and appropriate procedures for handling customers’ personal information, despite its privacy policy claims to the contrary. Further, the FTC charged that the firm created unnecessary risks to personal information by transporting portable data storage devices containing personal information in a way that made the information vulnerable to theft, and failed to prevent, detect, and investigate unauthorized access to computer networks. According to the FTC, this resulted in a December 2010 breach in which certain portable devices were stolen from an employee’s personal vehicle and the names, gender, Social Security numbers, dates and times of birth, drivers’ license numbers, credit and debit card numbers, and other personal information of nearly 300,000 customers were compromised. The FTC also alleged that certain of the portable devices could have permitted an intruder to access the firm’s network, which contained sensitive personal health information.

Topics:  Data Breach, Data Protection, Data Theft, FTC, Mobile Devices, Personally Identifiable Information, Security Audits

Published In: Antitrust & Trade Regulation Updates, Health Updates, Privacy Updates, Science, Computers & Technology Updates

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© BuckleySandler LLP | Attorney Advertising

Don't miss a thing! Build a custom news brief:

Read fresh new writing on compliance, cybersecurity, Dodd-Frank, whistleblowers, social media, hiring & firing, patent reform, the NLRB, Obamacare, the SEC…

…or whatever matters the most to you. Follow authors, firms, and topics on JD Supra.

Create your news brief now - it's free and easy »