FTC Seeks to Penalize 1Health for Data Protection Policy Violation

The Federal Trade Commission may require 1health, previously known as Vitagene, to pay $75,000 for consumer refunds as part of a proposed settlement with the agency concerning the company’s alleged failure to protect sensitive customer genetic and health data.

The FTC accused 1health of storing sensitive consumer and raw genetic data on a publicly accessible Amazon Web Services data bucket, a situation the company did not rectify until a security researcher made the matter public in 2019. FTC said some of that data was tied to the names of consumers, a claim that 1health denied.

The FTC also said 1health promised customers that they could delete their data at any time, a promise the company allegedly failed to keep.

Lastly, the FTC accused 1health of sharing customer information with third parties without first notifying customers of the change in policy.

In addition to the consumer refund, the proposed settlement calls on 1health to strengthen its protection for genetic information and instruct third-party contract laboratories to destroy all consumer DNA samples that have been retained for more than 180 days.

The public will be given 30 days to comment on the proposal before a final settlement is reached, CyberScoop reported.