The news: The FTC agreed on a policy requiring app makers capturing sensitive consumer data and health records to inform the FTC, US consumers, and in some cases, the media in the event of any security breaches.
- Failure to comply could result in fines of $43,792 per day per violation.
- For context, this policy is over a decade old—but this week, the FTC agreed on a new policy statement affirming health apps and wearables must comply with the rule, since it wasn’t being enforced and was misunderstood by most companies.
Why it matters: Developers released thousands of digital health apps last year alone, most of which have the ability to collect and share sensitive user data.
- More than 90,000 health apps were released last year (around 250 per day), according to IQVIA’s new Digital Health Trends 2021 report.
- And most of the digital health apps on the market are subject to data breaches, considering 88% of mobile health apps have the ability to collect and share user data, per IQVIA.
But—consumers may not care about data breaches as much as the FTC does: About 60% of US wearable device consumers 14+ say they’re not concerned about the privacy of their data collected by smartwatches or fitness trackers, per a July 2021 Deloitte Connectivity and Mobile Trends report.
- This means consumers aren’t likely to stop using a wearable device or health app if it’s been involved in a data breach.
- So, digital health vendors will want to comply with the FTC mandate to avoid the hefty fines: Failure to notify users or the media of a data breach could result in over $500K in fines after just two weeks of noncompliance, for example.