Hogan Lovells LLP is reporting that Rite Aid has agreed to pay $1 million (U.S.) to settle violations of U.S. health information privacy requirements. Interestingly, the FTC has ordered Rite Aid to cease misrepresenting its information security practices to customers and to establish other security safeguards for managing personal information.
As I have previously posted, we’ve seen million-dollar privacy awards here in Canada, but what’s interesting is the fact that the FTC took issue with an organization “misrepresenting” its privacy protection practices. It’s a good reminder that simply having a privacy policy doesn’t cut it. Businesses must ensure that internal policies and procedures exist and are enforced on an ongoing basis in order to live up to commitments made in privacy policies.
