Here’s What They’re Saying About LabMD’s Victory Against the Federal Trade Commission
A “Stunning Defeat” For The FTC
Reuters: “The First Defeat For An Agency That Has Successfully Brought Such Cases Against Dozens Of Companies.”(Joel Schectman, “U.S. Regulatory Agency Loses First Data Security,” Reuters, 11/16/15)
The Wall Street Journal: “The Federal Trade Commission’s Data-Security Enforcement Efforts Have Received A Setback—At The Hands Of The Commission’s Own In-House Judge.”(Brent Kendall, “Federal Trade Commission Loses Data Security Ruling,” The Wall Street Journal’s Law Blog, 11/16/15)
- “A Long-Running And Sometimes Bitter Case.”(Brent Kendall, “Federal Trade Commission Loses Data Security Ruling,” The Wall Street Journal’s Law Blog, 11/16/15)
“In A Data Security Enforcement Action That Some Have Characterized As A Modern Version Of David Vs. Goliath, David Won Today, And The FTC Lost.”(Dissent, “FTC V. LabMD Ruling Issued: FTC Loses Data Security Enforcement Case,” Databreaches.Net, 11/13/15)
The Privacy Advisor: “The Case Currently Represents The First Time A Company Has Challenged An FTC Complaint Brought On The Grounds Of Unreasonable Information Security And Won.” (San Pfeifle, “FTC Complaint Against LabMD Dismissed,” The Privacy Advisor Blog, 11/16/15)
“FTC Blasted In LabMD Data Security Case.” (Patterson Belknap, “FTC Blasted In LabMD Data Security Case,” Lexology Blog, 11/16/15)
“The Federal Trade Commission Was Handed A Stunning Defeat Late Friday.” (Patterson Belknap, “FTC Blasted In LabMD Data Security Case,” Lexology Blog, 11/16/15)
- Data Security Blog: “The Federal Trade Commission Was Handed A Stunning Defeat Late Friday.” “In a long-running and highly contentious data security enforcement action against LabMD, a small medical testing laboratory, the Federal Trade Commission was handed a stunning defeat late Friday.” (Craig Newman, “FTC Blasted In LabMD Data Security Case,” Data Security Law Blog, 11/16/15)
A Bittersweet Moment For LabMD
The Ruling, While Correct, Can’t Reverse The Damage That’s Already Been Done To LabMD: “This is like getting a guilty verdict after a murder,” he said, noting that his once-thriving business, LabMD, is dead and its former employees have scattered.”(Kirk Victor, “After LabMD scores big victory, will the FTC appeal?,” FTC Watch, 11/17/15)
LabMD CEO Michael Daugherty: “It’s Like After A Murder And The Criminal Is Found Guilty…But The Person Is Still Dead. LabMD Is Still Dead.” (Joel Schectman, “U.S. Regulatory Agency Loses First Data Security,” Reuters, 11/16/15)
- Daugherty: “I Had No Choice But To Fight:” “I spoke with LabMD CEO Michael Daugherty over the weekend about the ruling and its implications. He told me that he fought the FTC because he was faced with “death by a consent decree or death by damage” and that the headline risk of a data security breach in the health care industry would have ‘terrified’ his clients and meant an end to his business. ‘I had no choice but to fight. LabMD is dead. I had nothing to lose.’”(Craig Newman, “FTC Blasted In LabMD Data Security Case,” Data Security Law Blog, 11/16/15)
- And That Fight Will Continue: “No matter what they do, I will not be going away,” Daugherty vowed in an interview with FTC:WATCH following the decision.”(Kirk Victor, “After LabMD scores big victory, will the FTC appeal?,” FTC Watch, 11/17/15)
Cause Of Action’s Dogged Pursuit Of The Truth Played No Small Role In The Judge’s Decision
Pittsburgh Tribune-Review: “Cause Of Action, A Washington Nonprofit, Represented LabMD Before The Administrative Law Judge. Executive Director Daniel Epstein Hailed The Decision For Setting A Higher Standard For The FTC To Show Actual Harm In Cases Of Lost Data.” (Andrew Conte, “Judge Tosses Leak Complaint In Breach Of Patient Information,” Tribune-Review, 11/16/15)
Cause Of Action Enabled LabMD To Become The First Company To “Fight Back Against FTC:” “Attorney Daniel Epstein, executive director of non-profit advocacy, Cause of Action Institute, which represented LabMD in its dispute with the FTC, noted that LabMD was the first company to refuse a ‘consent order’ and fight back against FTC. “After hearing the evidence and reviewing the legal arguments, Chief Judge Chappell decisively rejected FTC’s claims, issuing a decision that will protect small businesses from future government abuses,” Epstein said in a statement.” (Marianne Kolbasuk McGee, “Judge Dismisses FTC Case Against LabMD,” Gov Info Security, 11/17/15)
“The Ruling Culminated A Series Of Victories For Cause Of Action Against The FTC’s Overreach.” (Cause Of Action, Press Release, 11/16/15)
- Cause Of Action Helped LabMD Force An FTC Commissioner To Recuse Herself From The Case: “In December 2013, LabMD sought to disqualify Commissioner Brill on the basis of two speeches the Commissioner had made concerning enforcement activity in the data security area. While denying that these speeches created any such issue, the Commissioner quickly recused herself to avoid creating “an undue distraction” in the adjudication.” (John Graubert, “Administrative Law Judge Dismisses FTC’s LabMD Complaint, Finding Insufficient Evidence of “Substantial Injury” to Consumers,” National Law Review, 11/18/15)
- Cause Of Action Also Helped LabMD Get Faulty Evidence Used By The FTC Dismissed: “After this testimony and similar allegations made elsewhere, FTC staff indicated it would not rely on certain Tiversa-related testimony and evidence in its proposed findings of fact.”(John Graubert, “Administrative Law Judge Dismisses FTC’s LabMD Complaint, Finding Insufficient Evidence of “Substantial Injury” to Consumers,” National Law Review, 11/18/15)
“Cause Of Action Institute Executive Director Daniel Epstein, In A Statement, Called The FTC’s Case “Meritless.”(Dan Bowman, “Judge Dismisses FTC Security Enforcement Case Against LabMD,” FederalHealthIT, 11/16/15)
- Cause Of Action Institute Executive Director Dan Epstein: “Although FTC’s Ostensible Justification For This Boondoggle Was ‘Data Security,’ It Produced No Evidence That Even A Single Patient Was Harmed By LabMD’s Alleged Inadequacies.” (Dan Bowman, “Judge Dismisses FTC Security Enforcement Case Against LabMD,” FederalHealthIT, 11/16/15)
Cause Of Action Noted That The FTC Wasted “Millions Of Taxpayer Dollars:” Cause of Action bashed the FTC for spending “millions of taxpayer dollars” to pursue its claims against the lab, which was forced to wind down operations during the course of the costly matter, and accused the commission of using the case to “intimidate” other businesses into quickly settling similar matters. “This ruling puts a return address on bureaucratic abuses of power, and proves that sometimes the good guys win,” Epstein said.” (Allison Grande, “FTC Loses LabMD Data Security Suit,” Law360, 11/16/15)
The FTC Never Should’ve Gone After LabMD
“It Was An Enforcement Action That The FTC Never Should Have Commenced.” “It was an enforcement action that the FTC never should have commenced, as I’ve argued repeatedly, and today’s loss may actually make future enforcement actions more difficult for them as the standard for demonstrating likelihood of substantial injury has now been addressed in this ruling.” (Dissent, “FTC V. LabMD Ruling Issued: FTC Loses Data Security Enforcement Case,” Databreaches.Net, 11/13/15)
“LabMD Pushed Back And Refused To Settle With The FTC.” “But LabMD pushed back and refused to settle with the FTC. The ensuing three years were filled with numerous discovery and sanctions motions and multiple motions to dismiss, all of which were denied.” (Craig Newman, “FTC Blasted In LabMD Data Security Case,” Data Security Law Blog, 11/16/15)
National Law Review: “The FTC’s allegations were too speculative to support a conclusion of “likely” injury to consumers.” (John Graubert, “Administrative Law Judge Dismisses FTC’s LabMD Complaint, Finding Insufficient Evidence of “Substantial Injury” to Consumers,” National Law Review, 11/18/15)
FierceHealthIT: The FTC “Failed To Prove The Breach Harmed, Or Could Potentially Harm, Consumers.” “The Federal Trade Commission’s data security enforcement case against Atlanta-based cancer screening laboratory LabMD following an alleged 2008 data breach was dismissed Friday by an administrative law judge who said that the agency failed to prove the breach harmed, or could potentially harm, consumers.” (Dan Bowman, “Judge Dismisses FTC Security Enforcement Case Against LabMD,” FierceHealthIT, 11/16/15)
Chief Administrative Law Judge Michael Chappell On Tiversa: “Unreliable, Not Credible. No Weight.” “Judge Chappell scolded the FTC for relying on the work of Tiversa which he found “unreliable, not credible” accorded it ‘no weight.’” (Craig Newman, “FTC Blasted In LabMD Data Security Case,” Data Security Law Blog, 11/16/15)
FTC Watch: The FTC Relied On Highly Questionable Evidence: “The FTC never produced any consumers who actually suffered harm.” (Kirk Victor, “After LabMD scores big victory, will the FTC appeal?,” FTC Watch, 11/17/15)
Chief Administrative Law Judge Michael Chappell: The FTC Investigation Had Not “Identified Even One Consumer That Suffered Any Harm As A Result Of [LabMD’s] Alleged Unreasonable Data Security.” (Brent Kendall, “Federal Trade Commission Loses Data Security Ruling,” The Wall Street Journal’s Law Blog, 11/16/15)
Law360: Judge Rules FTC Failed To Show LabMD Caused Harm To Consumers “Dealing A Blow To The Regulator’s Active Privacy Enforcement Agenda.” “An administrative law judge on Friday tossed the Federal Trade Commission’s closely watched data security suit against LabMD, ruling the commission had failed to show that the laboratory’s alleged conduct had caused harm to consumers and dealing a blow to the regulator’s active privacy enforcement agenda.” (Allison Grande, “FTC Loses LabMD Data Security Suit,” Law360, 11/16/15)
Big Data Tech Law: “The Government’s Case Was Made Uniquely Vulnerable By Its Partial Reliance On The Fruit Of The Uniquely Poisoned Tree.” “Of course, the government’s case was made uniquely vulnerable by its partial reliance on the fruit of the uniquely poisoned tree of which all of you following the case should be well aware, and about which those of you who have not might want to read.” (Jon Neiditz, “No Harm, Big Foul: Why Yesterday’s LabMD Decision Is Stunning And Important,” Big Data Tech Law Blog, 11/14/15)
Big Data Tech Law: “Yesterday’s Decision Is Also Important In … Its Examination In Detail Of The Remarkably Weak Evidence Of Harm Put Forth By The Government And All Of Its Experts.” “Yesterday’s decision is also important to future FTC actions and to data breach litigation more generally in its examination in detail of the remarkably weak evidence of harm put forth by the government and all of its experts.” (Jon Neiditz, “No Harm, Big Foul: Why Yesterday’s LabMD Decision Is Stunning And Important,” Big Data Tech Law Blog, 11/14/15)
Big Data Tech Law: “The Words ‘Speculation’ And ‘Speculative’ Appear Seventeen Times In The Decision, Usually In Judgments About The Quality Of The FTC’s Case And Of The Testimony Of Its Experts.” “The words “speculation” and “speculative” appear seventeen times in the decision, usually in judgments about the quality of the FTC’s case and of the testimony of its experts, and we might expect it to echo through many responses to FTC accusations and data breach disputes in the coming years.”(Jon Neiditz, “No Harm, Big Foul: Why Yesterday’s LabMD Decision Is Stunning And Important,” Big Data Tech Law Blog, 11/14/15)
The Ruling Could Help Protect Other Small Businesses From Future FTC Abuses
“The Decision Sends A Message That Data Security Cases Against The FTC Can Be Won.” “The decision sends a message that data security cases against the FTC can be won, said James Harvey, who co-chairs the cyber security practice at Alston & Bird LLP.” (Joel Schectman, “U.S. Regulatory Agency Loses First Data Security,” Reuters, 11/16/15)
Big Data Tech Law: “[T]he ALJ’s ruling … Has To Be Celebrated As An Act Of Judicial Independence In Our Still-Wonderful Rule Of Law.” “Thus the FTC ALJ’s ruling to the FTC against the FTC on the basis that the FTC’s Complaint Counsel failed to prove its case on the merits — without even reaching LabMD’s affirmative defenses — has to be celebrated as an act of judicial independence in our still-wonderful rule of law, even though or perhaps because it came on the same day as the news from Paris made us wonder about what Life has in store.” (Jon Neiditz, “No Harm, Big Foul: Why Yesterday’s LabMD Decision Is Stunning And Important,” Big Data Tech Law Blog, 11/14/15)
James Harvey Co-Chair Of The Cyber Security Firm Alston & Bird LLP: “Defendants Are Going To Be Very Aware That The FTC Is Not Invincible.” (Joel Schectman, “U.S. Regulatory Agency Loses First Data Security,” Reuters, 11/16/15)
SC Magazine: “A Ruling That Could Reshape Future Federal Trade Commission (FTC) Enforcement Authority.” (Teri Robinson, “Administrative Judge Dismisses FTC Case Against LabMD,” SC Magazine, 11/16/15)