On April 15, the FTC announced an administrative complaint and joint stipulation order against a mental health service provider, requiring the provider to pay a total of more than $7 million, including $5.1 million in consumer refunds and $2 million in civil penalties. Ta. According to the complaint, between 2021 and 2022, the defendants collected sensitive personal health information and sold online mental health care treatments (i.e., telemedicine) to “hundreds of thousands” of patients through their websites. The FTC alleged that mental health service providers engaged in the following practices: Deceptive and unfair practices related to the marketing of data security practices, such as failing to disclose material items, failing to obtain explicit informed consent from consumers, or failing to implement appropriate data security measures. action. Additionally, the FTC alleged that the provider misled consumers about canceling the service, including by not providing a mechanism to stop recurring charges. The FTC complaint alleges that the company misrepresented how it used and disclosed patients’ personal information, mishandled and exposed “hundreds of thousands” of personal information, and failed to provide a means to cancel subscriptions. was specifically certified. The FTC charged the defendants with violating Section 5 of the FTC Act, which covers deceptive privacy practices, deceptive data security practices, unfair privacy and data security practices, and deceptive cancellation practices. This is an alleged violation of the Opioid Act and the Restoring Online Shopper Trust Act. (Rosca).
Although the defendants did not admit or deny these claims in the jointly stipulated order, the judgment does not require the defendants to disclose covered information to third parties for advertising purposes without the affirmative express consent of consumers. Disclosing subject information to outside parties without obtaining information is prohibited. Misrepresenting your cancellation policy. The order also required the defendants to implement stronger protections for individuals’ personal information and to begin periodic evaluations of their data security practices. The court ordered the defendants to pay $5,087,252 in financial relief to consumers and a civil penalty of $10 million, but the FTC ordered the defendants to pay $2 million in monetary penalties based on defendant’s inability to pay the entire civil penalty. They agreed to stop paying the fine in exchange for $1,000.
