United States of America: Announced enforcement of FTC Health Breach Notification Rule

On 22 February 2010, the Federal Trade Commission (FTC) started enforcing the Health Breach Notification Rule, following its entry into force on 24 September 2009. The Rule outlines notification requirements for vendors of personal health records, such as platforms allowing consumers to access health data and third-party applications for personal health records. In particular, the Rule requires entities to notify the consumers and the FTC of data breaches without unreasonable delay and no later than 60 days after the discovery of unauthorised data access and within 10 days if more than 500 consumers will be affected.