Following a public comment period, the Federal Trade Commission has approved a final order settling charges against Rite Aid Corporation, and sent letters to members of the public who submitted comments on the order. The FTC charged that the company failed to protect the sensitive financial and medical information of its customers and employees. The settlement order requires Rite Aid to take several steps, including establishing a comprehensive information security program designed to protect the security, confidentiality, and integrity of the personal information it collects from customers and employees.
Source: FTC. Other FTC documents on this case can be found here.
Previous coverage of FTC settlement here. Previous coverage of HHS/HIPAA settlement here.