FTC: Rite Aid violated medical, financial privacy of customers, employees

Rite Aid Corporation has agreed to settle Federal Trade Commission (FTC) charges that it violated federal law by publicly disposing of sensitive financial and medical information of its customers and employees, the FTC announced.

In a related action, Rite Aid's pharmacy chain also agreed to pay $1 million to resolve Department of Health and Human Services (HHS) allegations that it failed to protect customers' sensitive health information. Rite Aid operates the third largest pharmacy chain in the United States, with some 4,900 retail pharmacies as well as an online pharmacy.

"Companies that say they will protect personal information shouldn't be tossing patient prescriptions and employment applications in an open Dumpster," said Jon Leibowitz, Chairman of the Federal Trade Commission, in a statement. "We hope other organizations will learn from the FTC's action against Rite Aid to take their obligation to protect consumers' personal information seriously."