Father
Professional
- Messages
- 2,602
- Reaction score
- 760
- Points
- 113
The company has long regretted misleading its customers.
The US Federal Trade Commission (FTC) imposed a fine of more than $ 7 million on the company Cerebral, which provides telemedicine services in the field of mental health, for disclosing confidential user information to third parties for advertising purposes. The company also received a separate ban on future use and disclosure of personal data of customers for the same purposes.
The FTC is accusing Cerebral and its former CEO, Kyle Robertson, of violating privacy and misleading customers about service cancellation policies. The company claimed that it provides "secure, secure and unobtrusive" services, but did not disclose that the data will be shared with third parties.
The FTC alleges that Cerebral built tracking tools into its websites and apps that transferred data from nearly 3.2 million users to platforms such as LinkedIn, Snapchat, and TikTok. The transmitted data included names, medical data, addresses, phone numbers, dates of birth, demographic information, IP addresses, insurance information, and other information.
The FTC also points out that previously, former employees of Cerebral had access to clients ' medical records even after they were dismissed due to the incompetence of those responsible for revoking their authority. This lasted from May to December 2021.
In addition, the company is accused of sending advertising postcards to its customers without envelopes. These cards included the names of patients and information that could reveal their diagnosis and treatment to anyone who saw the cards.
Under the proposed order, which is awaiting approval in federal court, Cerebral is required to implement a comprehensive data privacy and security program. The company must also post a notice on its website about the FTC's order, set a data retention schedule, and delete most consumer data that is not used for treatment, payment, or health care transactions unless users have agreed to do so.
The case is part of a series of FTC actions against health care providers who in recent years have shared their highly sensitive data with analytics and social platforms without users consent.
The US Federal Trade Commission (FTC) imposed a fine of more than $ 7 million on the company Cerebral, which provides telemedicine services in the field of mental health, for disclosing confidential user information to third parties for advertising purposes. The company also received a separate ban on future use and disclosure of personal data of customers for the same purposes.
The FTC is accusing Cerebral and its former CEO, Kyle Robertson, of violating privacy and misleading customers about service cancellation policies. The company claimed that it provides "secure, secure and unobtrusive" services, but did not disclose that the data will be shared with third parties.
The FTC alleges that Cerebral built tracking tools into its websites and apps that transferred data from nearly 3.2 million users to platforms such as LinkedIn, Snapchat, and TikTok. The transmitted data included names, medical data, addresses, phone numbers, dates of birth, demographic information, IP addresses, insurance information, and other information.
The FTC also points out that previously, former employees of Cerebral had access to clients ' medical records even after they were dismissed due to the incompetence of those responsible for revoking their authority. This lasted from May to December 2021.
In addition, the company is accused of sending advertising postcards to its customers without envelopes. These cards included the names of patients and information that could reveal their diagnosis and treatment to anyone who saw the cards.
Under the proposed order, which is awaiting approval in federal court, Cerebral is required to implement a comprehensive data privacy and security program. The company must also post a notice on its website about the FTC's order, set a data retention schedule, and delete most consumer data that is not used for treatment, payment, or health care transactions unless users have agreed to do so.
The case is part of a series of FTC actions against health care providers who in recent years have shared their highly sensitive data with analytics and social platforms without users consent.
