Man in violation of privacy law

Breaking news and expert analysis on legal and compliance issues

[Back To Home][Back To Archives]

From Antitrust Law Daily, November 17, 2015

ALJ scraps Commission’s data security complaint against LabMD

By Greg Hammond, J.D.

The FTC’s Chief Administrative Law Judge (ALJ) has entered an initial decision, dismissing an FTC complaint that a clinical testing lab failed to provide reasonable and appropriate security for personal information maintained on its computer networks, constituting unfair acts or practices under Section 5 of the FTC Act. In reaching its decision, the ALJ concluded that the Commission failed to carry its burden of proving that the supposed unreasonable conduct caused or is likely to cause substantial injury to consumers (In the Matter of LabMD Inc., November 13, 2015, FTC Dkt. 9358).

In its August 2013 complaint, the Commission charged that LabMD, Inc. failed to prevent the unauthorized disclosure of consumer information from its computer systems and that, as a result of data security failures, unauthorized third parties in two security breach incidents obtained consumer information (the 1718 file) from the company’s computer systems via peer-to-peer file-sharing application LimeWire. The Sacramento Police Department also purportedly discovered identity thieves in possession of checks payable to LabMD, as well as documents containing information of at least 500 consumers.

The ALJ concluded that complaint counsel failed to prove that LabMD’s supposed unreasonable conduct caused, or is likely to cause, substantial injury to consumers, a requirement necessary to carry its burden of proving that LabMD’s purported failure to employ reasonable data security constitutes an unfair trade practice.

In particular, the ALJ found that: (1) the Commission’s evidence failed to prove that the limited exposure of the 1718 file has resulted, or is likely to result, in any identity theft-related harm, and allegations of embarrassment or emotional harm—without proof of any tangible injury—was not a “substantial injury” within the meaning of the FTC Act; (2) with regard to the check copies and related information, the Commission failed to demonstrate that the exposure of these documents was causally connected to any failure to reasonably protect data maintained on LabMD’s computer network, because the evidence does not demonstrate that the documents were maintained on, or taken from that network; and (3) the FTC’s claim that identity theft-related harm was likely for all consumers whose personal information is maintained on LabMD’s computer networks—based on a theory that LabMD’s computer networks are “at risk” of a future data breach—was inadequate because it would require unacceptable speculation and would vitiate the statutory requirement of “likely” substantial consumer injury.

At best, according to the ALJ, the Commission proved the “possibility” of harm, but not a probability or likelihood of harm. The complaint was therefore dismissed.

The ALJ’s initial decision is subject to review by the Commission on its own motion, or at the request of any party. Absent timely notice of appeal or the Commission placing the case on its docket for review, the initial decision will become final within 30 days.

Attorneys: Alain Sheer, FTC. Reed D. Rubinstein (Dinsmore & Shohl, LLP) for LabMD, Inc.

Companies: LabMD, Inc.

MainStory: TopStory Privacy FederalTradeCommissionNews

Back to Top

Antitrust Law Daily

Introducing Wolters Kluwer Antitrust Law Daily — a daily reporting service created by attorneys, for attorneys — providing same-day coverage of breaking news, court decisions, legislation, and regulatory activity.

A complete daily report of the news that affects your world

  • View full summaries of federal and state court decisions.
  • Access full text of legislative and regulatory developments.
  • Customize your daily email by topic and/or jurisdiction.
  • Search archives for stories of interest.

Not just news — the right news

  • Get expert analysis written by subject matter specialists—created by attorneys for attorneys.
  • Track law firms and organizations in the headlines with our new “Who’s in the News” feature.
  • Promote your firm with our new reprint policy.

24/7 access for a 24/7 world

  • Forward information with special copyright permissions, encouraging collaboration between counsel and colleagues.
  • Save time with mobile apps for your BlackBerry, iPhone, iPad, Android, or Kindle.
  • Access all links from any mobile device without being prompted for user name and password.