5 Do’s and Don’ts For Staying FTC Compliant as a Digital Health Brand

As a digital health brand, it is a given that you will come into contact with sensitive, private health data for your customers. It is vitally important to handle that information correctly, not only to ensure that you protect your customers but also to protect your brand from potential lawsuits. 

Consumer privacy is no joke. Andrew Smith, Director of the FTC’s Bureau of Consumer Protection, recently said, “We are looking closely at whether developers of health apps are keeping their promises and handling sensitive health information responsibly.”

Digital health brands can be valuable services that drastically improve people’s lives- I use at least a dozen apps to help me improve and maintain excellent health. But with great power comes great responsibility. Here are 5 Dos and Don’ts to help your brand operate safely.

Do

Allow users to opt out of sharing information with third parties.

For brands to stay compliant with FTC and US privacy regulations, users must be provided with clear, conspicuous, and readily available mechanisms to exercise choice regarding the data they share. For sensitive information (i.e., personal information specifying medical or health conditions, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, or information identifying the sex life of the individual), users need to explicitly opt-in to sharing the information.

Essentially, users should know if/when their data is shared with third parties and allowed to opt-out of sharing data, but if the data is sensitive, you will need explicit opt-in to share the data.

Consider an independent privacy audit.

Comprehending US Privacy Regulations can be highly overwhelming. In 2023, US data privacy will become even more complex as five states implement more privacy laws, and a federal data bill is on the horizon. Suppose your brand is available outside the US or utilizes any cloud technologies. In that case, you may greatly benefit from an independent privacy audit to identify potential gaps in your privacy practices and ensure compliance with US regulations. 

Ensure Privacy Notices are clear and conspicuous.

One of the best ways to protect your brand is to make notices regarding privacy and data clear, noticeable, and apparent when users provide personal information. Make sure these notices are easily accessible for your users to reference.

Don’t 

Don’t skim through third party terms of service.

Although your company’s privacy practices might be water-tight, if you integrate any third-party tools, ensure their privacy practices align with yours. Many third party data collection tools do not have stringent enough privacy protections for digital health brands. They will require that their users- your brand- do the due diligence of ensuring sensitive data isn’t shared.

Don’t forget to prioritize your data security.

When you collect, maintain or use personal information from your users, it becomes your responsibility to protect that data. Ensure that you’re implementing reasonable and appropriate measures to protect from loss, misuse, or unauthorized access. Also, consider the risks involved in processing any personal data.

You must follow many regulations to protect your brand and your users. Although it can be overwhelming, more and more services are available to help your brand navigate these challenges. Here at InfluenceLogic, we have an entire team dedicated to assisting you with implementing these strategies. Want more information? Reach out to us at compliance@influencelogic.com to learn more!