FTC orders protection of DNA data privacy, what about OCR’s oversight?

HealthcareInfoSecurity.com reported that “A consumer genetic testing company must ensure the destruction of customer saliva samples and undergo third-party evaluation of its information security program for the next two decades under a proposed consent order with the U.S. Federal Trade Commission.”  The June 16, 2023 article entitled “FTC Orders 1Health.io to Improve DNA Data Privacy, Security” (https://tinyurl.com/yc36rvd9) included these comments:

California firm 1Health.io, previously known as Vitagene, also committed to paying $75,000 in an enforcement action that marks the FTC's first case focused on the privacy and security of genetic information.

The San Francisco company offers personalized diet and exercise plans fueled by genetic results. In a statement shared with Information Security Media Group, a company spokesperson complained about the agency investigation.

"The FTC with its many staff members has spent over five years investigating," the spokesperson said. "After five years of investigation they are charging a startup company with less than 20 employees $75,000."

What do you think about this?