What You Should Know:
– Cerebral, a company offering online mental health services, has agreed to pay over $7 million to settle Federal Trade Commission (FTC) charges.
– The FTC alleged that Cerebral failed to secure and protect sensitive consumer data and misled them about cancellation policies.
Key Allegations Against Cerebral
Cerebral allegedly disclosed consumers’ personal health information (including diagnoses and medication history) to third parties like LinkedIn, Snapchat, and TikTok for advertising purposes. The company was accused of failing to implement adequate safeguards for user data, including allowing former employees to access patient records and exposing patient information through a single sign-on method. Despite promising easy cancellation, Cerebral allegedly made the process complex and time-consuming, resulting in additional charges for consumers.
Terms of the Settlement
Cerebral will pay nearly $5.1 million in refunds to impacted consumers and a $2 million civil penalty. Cerebral is permanently banned from using or disclosing sensitive consumer data for most advertising purposes and must generally obtain consent before sharing such information with third parties. The company is required to implement a comprehensive data security program to address the identified issues. In addition, Cerebral must be transparent about its privacy and data security practices, provide a clear cancellation process, and allow consumers to request data deletion.
The charges against Cerebral’s former CEO, Kyle Robertson, are still pending in court.