FTC Approves Consent Orders with Companies that Marketed Genetically Customized Nutritional Supplements
Time 2 Minute Read
Categories: Enforcement, U.S. Federal Law

On May 12, 2014, the Federal Trade Commission announced that it has approved final consent orders with two companies that marketed genetically customized nutrition supplements. In addition to charges that the companies’ claims regarding the effectiveness of their products were not sufficiently substantiated, the settlements also allege that the companies misrepresented their privacy and security practices. The two companies, Gene Link, Inc. (“Gene Link”) and foru™ International Corp. (“foru” – a former subsidiary of Gene Link), represented in their privacy policy that they had “taken every precaution to create a process that allows individuals to maintain the highest level of privacy” and that the companies’ third party service providers are “contractually obligated to maintain the confidentiality and security of the Personal Customer Information and are restricted from using such information in any way not expressly authorized” by the companies.

According to the FTC’s complaints against Gene Link and foru, the companies failed to provide appropriate security measures to protect consumers’ personal information by:

  • Not requiring service providers by contract to implement reasonable safeguards and not engaging in reasonable oversight of those service providers;
  • Maintaining consumers’ personal information, including Social Security numbers and bank account numbers, in clear text;
  • Enabling service providers to access consumers’ complete personal information, even if such information was not necessary for service providers to perform their duties; and
  • Neglecting to limit wireless access to their network.

The consent orders with Gene Link and foru prohibit the companies from misrepresenting the extent to which the companies maintain the privacy, security and confidentiality of consumers’ personal information. The consent orders also obligate the companies to implement comprehensive information security programs that are subject to independent assessment on a biennial basis for the next 20 years.

Tags: Consent Order, Consumer Protection, Federal Trade Commission, Service Provider, Social Security Number
Print Email Twitter/X Linkedin Facebook

You May Also Be Interested In

Time 3 Minute Read
Connecticut AG Clarifies AI Compliance Obligations Under CTDPA

The Connecticut Attorney General recently issued a legal memorandum regarding the application of existing Connecticut laws, such as the Connecticut Data Privacy Act, to the use of artificial intelligence.

Continue Reading ›
Print Email Twitter/X Linkedin Facebook
Time 3 Minute Read
Oklahoma Enacts Comprehensive Consumer Privacy Law

On March 20, 2026, Oklahoma Governor Kevin Stitt signed SB 546 into law, enacting the Oklahoma Consumer Data Privacy Act, which will take effect on January 1, 2027.

Continue Reading ›
Print Email Twitter/X Linkedin Facebook
Time 2 Minute Read
Alabama Enacts App Store Accountability Act Requiring Age Verification

On February 5, 2026, Alabama Governor Kay Ivey signed Alabama House Bill 161, the App Store Accountability Act, establishing age categorization, age verification and parental consent requirements for mobile application marketplace providers operating in Alabama, effective January 2027.

Continue Reading ›
Print Email Twitter/X Linkedin Facebook
Time 2 Minute Read
CalPrivacy Reaches Settlement with Ford Motor Company Over CCPA Opt-Out Right Violations

On March 5, 2026, the California Privacy Protection Agency announced that the agency had reached a settlement with Ford Motor Company resolving an enforcement action against the company that alleged noncompliance with the California Consumer Privacy Act’s opt-out of sale/sharing rights.

Continue Reading ›
Print Email Twitter/X Linkedin Facebook

Search

Subscribe Arrow

Recent Posts

Categories

Tags

Archives

Jump to Page