On January 28, 2013, the operator of a leading cord blood bank, Cbr Systems, Inc., agreed to settle Federal Trade Commission charges that it failed to protect the security of customers’ personal information, and that its inadequate security practices contributed to a breach  that exposed Social Security numbers and credit and debit card numbers of nearly 300,000 consumers in 2010.

The settlement is part of the FTC’s ongoing efforts to protect the security and confidentiality of consumers’ sensitive health and financial information. It requires Cord Blood Registry to establish and maintain a comprehensive information security program and submit to security audits by independent auditors every other year for 20 years. The settlement also bars Cord Blood Registry from misrepresenting its privacy and security practices.  

The company is now facing a class action lawsuit filed by clients who are seeking credit monitoring and identity theft insurance and cash reimbursements for any losses resulting from identity theft.     

“The FTC can and will take action to make sure that companies live up to the privacy promises they make to consumers, particularly when it comes to highly sensitive information like the health information collected by Cbr,” said FTC Chairman Jon Leibowitz. “The exposure of this information has the potential to cause real harm to consumers.”  More Details.

As a privately held company, Cord Blood Registry and others lack some of the external oversight that Cryo-Cell International undergoes on a continual basis. Cryo-Cell trades publicly under the symbol CCEL and is subject to additional federal oversight and external audits that private companies like Cord Blood Registry are not. Cryo-Cell would be required to immediately report to the public any significant events such as the security breach at Cord Blood Registry and the loss of accreditation by the AABB that New England Cord Blood Bank experienced in 2008, and would not be able to sweep it under the rug.