$10,000,000 civil penalty for disclosing personal data without consent
Data Protection Report
APRIL 30, 2024
The order also requires that the company destroy personal data for which it had not received consent and to create a document retention and destruction policy. The company also admitted “that it disclosed consumers’ sensitive PHI to entities that were not able to meet all legal requirements to protect consumers’ health information.”
Let's personalize your content