Read the full story:  Winston and Strawn

LabMD joins Wyndham Hotels & Resorts LLC in challenging the FTC’s authority to regulate and punish entities for data security breaches. Like Wyndham, LabMD argues that because the FTC has never issued regulations, standards, or guidelines regarding data security under Section 5, LabMD had no constitutionally adequate fair notice of what Section 5 of the FTC Act requires, and thus, the FTC’s administrative actions against it violate the Fifth Amendment’s Due Process Clause. LabMD also argues that HHS, rather than the FTC should enforce patient security breach matters under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) (LabMD is a covered entity and thus subject to HHS regulation). LabMD has requested a preliminary injunction in its favor, and the case is still pending.