Blog

LabMD Sues FTC Lawyers

LabMD Sues FTC Lawyers

The LabMD saga has been a fascinating one.

In 2016, LabMD was accused by the FTC of exposing sensitive patient information due to less than adequate data security practices. LabMD then requested that the court reconsider its decision that two Federal Trade Commission lawyers had qualified immunity from liability for filing the lawsuit against LabMD. LabMD sues FTC lawyers, arguing that the FTC lawyers engaged in a “deliberate and successful effort to cause the Commission to authorize an enforcement action” premised upon false facts. LabMD lost that argument.

Perhaps the most interesting part of the LabMD saga is that the FTC took a hit in attempting to regulate by consent decree. A close second is the whether the nation’s regulatory approach to cybersecurity is working.

The FTC demands that business implement reasonable measures to eliminate data vulnerabilities. However, regulatory settlements are hardly defined, substantive legal requirements.

The U.S. Court of Appeals for the Eleventh Circuit’s decision has significant implications for the FTC’s approach to cybersecurity. The court stated that the FTC’s order “mandates a complete overhaul of LabMD’s data-security program and says precious little about how this is to be accomplished.” In fact, the court stated that the FTC could have drafted a narrowly drawn and easily enforceable order regarding data security.

“The Commission’s decision in this case does not explicitly cite the source of the standard of unfairness it used in holding that LabMD’s failure to implement and maintain a reasonably designed data-security program constituted an unfair act or practice,” the court said.

The Eleventh Circuit found that the FTC’s order was not enforceable. The ruling calls into question prior data security orders regarding accusations of lax security practices that contain no prohibitions, or instructions about overhauling practices to satisfy an elusive reasonableness standard. Concrete data security policies may follow, including uniform federal data breach and privacy legislation.

The FTC is now going to be forced to tailor its orders that impose obligations on companies that are alleged to have failed to safeguard consumer data. It is also likely to think twice before initiating legal action under the “unfairness” prong of Section 5 of the FTC Act based upon ambiguous justification where there exists no concrete injury.

Attorney advertising


FTC Tips About Social Media Influencer Campaigns

FTC Social Media Influencer Campaign Tips for Marketers Social media influencer actions and investigations by the Federal Trade Commission are on the rise. In addition the FTC’s first law enforcement action against individual influencers for misleading practices in 2017, the agency has sent numerous educational and follow-up letters to influencers and brands, reminding them that … Continue reading FTC Tips About Social Media Influencer Campaigns

New York City Ratchets-Up Consequences for Businesses With Outstanding Fines

NYC Department of Consumers Affairs DCA Defense Lawyer Recent reports indicate that local businesses with outstanding fines may be facing licensure suspension and revocations.   The policy is clear – deter misconduct in tandem with helping the city capture the money it is owed. Accumulating Debt According to a recent report by Crain’s New York Business, … Continue reading New York City Ratchets-Up Consequences for Businesses With Outstanding Fines


Court Rules on Applicability of TCPA to Dual Purpose Telephone Number

With some exceptions, telephone calls between a telemarketer and a business are exempt from the Telemarketing Sales Rule. Not every state exempts B2B telemarketing calls under state law. Telemarketers often rely on the business-to-business exemption from applicable Do Not Call registries and other telemarketing rules. The B2B exemption to the TSR applies only to calls … Continue reading Court Rules on Applicability of TCPA to Dual Purpose Telephone Number

Regulatory Compliance Watch Quotes Richard B. Newman on Email Marketing Compliance

In November 2018, Regulatory Compliance Watch – a leading publication covering compliance news, guidance and best practices for financial services professionals  – quoted Richard B. Newman about the federal CAN-SPAM Act and related state laws, such as California’s Business and Professions Code Section 17529.  Mr. Newman’s quote in the article expressed who does and does not have standing … Continue reading Regulatory Compliance Watch Quotes Richard B. Newman on Email Marketing Compliance