FOR IMMEDIATE RELEASE
CONTACT: Kevin Schmidt, 202-499-2414
LabMD Sues Federal Trade Commission
Action Taken in the District Court for D.C., Seeks Relief from FTC’s unconstitutional abuse of government power
WASHINGTON – Cause of Action (CoA), a government accountability organization, filed a Complaint for Declaratory and Injunctive Relief in the U.S. District Court for the District of Columbia, on behalf of LabMD, seeking to stop the Federal Trade Commission’s (FTC) extralegal abuse of government power. LabMD argues that the FTC lacks the authority to regulate patient-information.
CoA is also defending LabMD against a complaint brought by the FTC based, in part, on allegations that a third party was able to obtain data from LabMD’s computers through the peer-to-peer (P2P) file sharing program LimeWire. The FTC has attacked LabMD without publishing any data-security regulations or standards and with the knowledge that LabMD’s data security practices are regulated by the U.S. Department of Health and Human Services (HHS). HHS has never suggested that LabMD violated any patient information data-security regulations or requirements.
In September, CoA challenged the FTC’s statutory authority to regulate patient information data-security practices as “unfair acts or practices” under Section 5 of the FTC Act and disputed the FTC’s claim that LabMD supposedly failed to provide reasonable and appropriate security for personal information on its computer networks. Earlier this month, CoA filed a Motion for Protective Order before an Administrative Law Judge on behalf of LabMD seeking to quash 35 subpoenas served by the FTC in a single day. As the filing today argues, the FTC’s subpoena tactics are wrongfuly instrusive and burdensome. These tactics are consistent with the FTC’s plain goal of forcing LabMD into submission by exhausting the small Atlanta-based cancer diagnosis company’s resources.
“The FTC has clearly abrogated the law Congress granted it or specifically refused to grant it,” said CoA Executive Director Dan Epstein. “From the initial action to the burdensome subpoenas, the FTC continues to exemplify the dangers of unbridled federal agency overreach into areas in which they have no authority.”
“By filing this lawsuit, we are asking the court to stop FTC’s abuse of government power and to ensure LabMD’s case is decided fairly and objectively. Right now, small businesses like LabMD that stand up to the FTC must play a rigged game because FTC is the legislator, prosecutor, judge, jury and executioner all rolled into one,” CoA Senior VP of Litigation Reed Rubinstein said. “The FTC has no power over LabMD here and its obvious disregard for the patient-information data security regulations that the Department of Health and Human Services has had in place for years creates additional chaos, expense and hardship for America’s doctors, medical labs and clinics.”
The FTC’s bullying tactics include:
- Conducting a multi-year “civil investigation” requiring LabMD to produce thousands of documents and its principals to submit to multiple examinations by government lawyers all unsupported by any concrete allegation of wrongdoing. Complying with the FTC’s demands has cost LabMD hundreds of thousands of dollars as well as thousands of hours of management and employee time.
- Forcing LabMD into an administrative hearing in which the Commission itself makes the “law,” prosecutes the “violations” and then determines the “verdict.”
- Using abusive tactics that would not be tolerated by any independent federal court. For example, the FTC served 35 subpoenas on third parties around the country demanding at least 23 depositions to take place simultaneously. For LabMD to comply with the FTC’s oppressive subpoenas, LabMD would have to hire more than 23 attorneys and pay for their transportation to appear at depositions in California, Georgia, Pennsylvania and Florida, etc.
Given the FTC’s lack of jurisdiction to even bring such a data-security action against LabMD, it makes their abusive practices all the more egregious:
- Notwithstanding the FTC’s repeated requests that Congress confer upon it the authority to regulate data-security, Congress has refused to do so.
- In a 2000 report to Congress, Privacy Online: Fair Information Practices in the Electronic Marketplace: A Report to Congress, for example, the FTC admitted that it “lacks the authority to require firms to adopt information practice policies” and requested that Congress enact legislation providing a federal agency with the authority to regulate data security. Notwithstanding the FTC’s pleas, Congress has not seen fit to expand the FTC’s jurisdiction.
- The FTC cannot rely on any statutory precedent for the proposition that the FTC has authority to regulate data-security practices under Section 5 of the FTC Act.
- Federal District Judge William Duffy recently noted, “There is significant merit to [LabMD’s] argument that Section 5 [of the Federal Trade Commission Act] does not justify an [FTC] investigation into data security practices and consumer privacy issues….”
- Even assuming, arguendo, that the FTC did have jurisdiction over its asserted claims against LabMD because the Commission has not promulgated any rules, regulations, or other binding guidelines establishing the data-security practices with which it expects compliance, this enforcement action against LabMD violates due process requirements guaranteed and protected by the Fifth Amendment to the U.S. Constitution.
The lawsuit filed today, along with the previous filings on behalf of LabMD, can be found here.
About Cause of Action:
Cause of Action is a non-profit, nonpartisan government accountability organization that fights to protect economic opportunity when federal regulations, spending and cronyism threaten it. For more information, visit www.causeofaction.org.
LabMD is a cancer detection facility that specializes in analysis and diagnosis of blood, urine, and tissue specimens for cancers, micro-organisms and tumor markers. You can find out more about their battle with the FTC here.
To schedule an interview with Cause of Action’s Executive Director Dan Epstein, contact Mary Beth Hutchins, 202-400-2721 or Kevin Schmidt, firstname.lastname@example.org.