LabMD CEO pushes back on FTC's data security enforcement efforts

Dive Brief:

  • The Federal Trade Commission has sued various companies over the past several years for failing to protect customer data.
  • The agency began investigating LabMD two years ago for allegedly not protecting thousands of sensitive patient records, but that company’s CEO is fighting back.
  • Last month, Wyndham Hotels settled its highly contentious case with the FTC.

Dive Insight:

Lab­MD is the only company still challenging the FTC’s "authority to police data security failures," according to Nextgov. The FTC sued Lab­MD in August 2013, accusing the company of “failing to use reasonable security measures to protect patient information.”

But in November, administrative law judge D. Michael Chappell threw out the FTC’s charges, saying that the agency failed to prove the Lab­MD data breach would have brought any harm to the company’s patients.

LabMD’s CEO, Michael Daugherty, has vowed to keep fighting back against the charges and the FTC’s authority to sue companies for what it judges as lackluster security.

“It definitely raises the bar in terms of what the FTC must demonstrate to succeed in a data-privacy case,” said attorney Craig Newman to Nextgov. “Lab­MD has now created a big question mark as to whether other companies are going to take a much harder stance in the future.”

Over the past decade the FTC has “established itself as the government’s chief cyber­security cop.” But Daugherty and others argue that Congress “never explicitly directed the FTC to go after companies for weak cybersecurity.” The agency uses its authority to monitor "unfair or deceptive" business practices to target agencies with potentially lacking cybersecurity efforts. 

Filed Under: Security