Login

Help

BI’s Article search uses Boolean search capabilities. If you are not familiar with these principles, here are some quick tips.

To search specifically for more than one word, put the search term in quotation marks. For example, “workers compensation”. This will limit your search to that combination of words.

To search for a combination of terms, use quotations and the & symbol. For example, “hurricane” & “loss”.

Login Register Subscribe

FTC action against LabMD’s data security practices vacated

Reprints
Cyber Risks D&O E&O General liability Regulation More + Less -
FTC action against LabMD’s data security practices vacated

In the latest development in a long-running case, a federal appeals court has vacated an enforcement action brought by the Federal Trade Commission against LabMD Inc., a now-defunct medical laboratory.

The 11th U.S. Circuit Court of Appeals in Atlanta said in its ruling Wednesday in LabMD Inc. v. Federal Trade Commission that the agency could not bring its enforcement action, which was based on the laboratory’s security data practices, under the Federal Trade Commission Act.

The FTC had issued an opinion and final order in 2016 holding that the security practices of Atlanta-based LabMD, which stopped conducting lab tests and began winding down its business in January 2014, were unreasonable and lacked “even basic precautions.”

One of the issues in the case, which was discussed in Wednesday’s ruling, had been whether a cyber security firm, whose services the lab had declined, had given the government falsified information

In its ruling, a unanimous three-judge panel said, that “assuming arguendo that LabMD’s negligent failure to implement and maintain a reasonable data-security program constituted an unfair act or practice” under the FTC Act, “the Commission’s cease and desist order is nonetheless unenforceable.”

“It does not enjoin a specific act or practice. Instead, it mandates a complete overhaul of LabMD’s data-security program and says precious little about how this is to be accomplished. Moreover, it effectually charges the district court with managing the overhaul. This is a scheme Congress could not have envisioned. We therefore grant LabMD’s petition for review and vacate the Commission’s order.”

 

 

 

 

Read Next

  • Cyber security firm probed over alleged lies about data breaches

    (Reuters) — Federal agents are investigating whether cyber security firm Tiversa gave the government falsified information about data breaches at companies that declined to purchase its data protection services, according to three people with direct knowledge of the inquiry.

Related Stories

Most Read in Risk Management

Sign up for Daily Briefing, the free email newsletter from Business Insurance.

About

Advertise

Reprints and Licensing

Resources

. Privacy PolicyTerms of Use

COPYRIGHT © 2024 BUSINESS INSURANCE HOLDINGS

Member, Beacon International Group, Ltd.