Appeals court rules FTC sanction for Atlanta’s defunct LabMD too vague


A U.S. Court of Appeals ruled Wednesday that a now-defunct Atlanta medical facility’s security practices were not at fault when the private information of more than 9,000 customers were exposed through a file sharing service 10 years ago.

It is a decision former LabMD CEO Michael Daugherty called bittersweet, saying that although the court process drove LabMD out of business, the ruling proves his company did nothing wrong. At the same time, legal experts agree the decision will have an effect on how cybersecurity and digital privacy matters are handled by the FTC.

The Federal Trade Ccommission ordered LabMD to overhaul its cybersecurity system after the private information of 9,300 customers were stored to the file sharing site Limewire, enabling it to be accessed by a third-party security service in 2008. The Eleventh Circuit ruled that order was overly vague, while Daugherty maintains LabMD’s security system was never an issue.

“We never even had a breach,” Daugherty said. “The data was never out of control.”

According to the decision, the issue with the FTC’s order is its lack of specificity, which makes it unenforceable.

“In the case at hand, the cease and desist order contains no prohibitions,” the decision reads. “It does not instruct LabMD to stop committing a specific act or practice. Rather, it commands LabMD to overhaul and replace its data-security program to meet an indeterminable standard of reasonableness.”

The FTC has the ability to appeal the case to the U.S. Supreme Court, but it has not announced a decision to do so. The FTC did not respond to a request for comment from The Atlana Journal-Constitution.

While the case appears to have a narrow application, the ruling will likely affect how the FTC enforces cybersecurity issues, said Fazal Khan, a professor at the University of Georgia School of Law specializing in health law, because the FTC will now have to be more specific in any orders it gives to companies.

Peter Swire, a professor of cybersecurity at Georgia Tech, said a possible outcome of the case might be more cybersecurity enforcement at the state level. Many states, Swire said, have cybersecurity laws that require specific actions. Georgia is not one of those states.

Throughout the case, Daugherty has been critical of the FTC, calling the federal agency “reckless” and saying the government attempted to bully his company into submission with a drawn out court process, which first had to go through an administrative law judge at the FTC. Daugherty, who said he had at least $6 million in pro bono defense during the case, has written a book, titled “The Devil Inside the Beltway,” about the incident.

Breaches of private customer information have been an issue for many large corporations in recent years. Millions have been affected by data exposures, revealing details from Social Security numbers to credit card information, from companies such as Blue Cross Blue Shield, Target and Home Depot.



Reader Comments ...


Next Up in Business

Hartsfield-Jackson shifts plan to add more gates
Hartsfield-Jackson shifts plan to add more gates

The world’s busiest airport is mulling over how it can add more gates and become even busier. But the challenges Hartsfield-Jackson International Airport faces are numerous — finding space to build more gates, predicting airline growth in the years and decades to come, and figuring out how to keep the price tag under control. The Atlanta...
Delta strikes partnership with Kenya Airways
Delta strikes partnership with Kenya Airways

Delta Air Lines has a new code-share marketing partnership with Kenya Airways for flights to and from Nairobi. Code-sharing can allow passengers to easily book connecting itineraries on two airlines. Kenya Airways has its hub in Nairobi. This code-share partnership started Aug. 11 with Delta putting its code on Kenya Airways flights to Nairobi from...
Metro Atlanta home prices rise nearly twice as fast as nation’s
Metro Atlanta home prices rise nearly twice as fast as nation’s

If you live in a desirable area and you’re thinking of selling your home, your timing is good. Of course, if you’re looking to buy – especially if you’re a first-timer looking for a good deal in a nice neighborhood – you may find yourself bidding against a lot of other people like yourself. All in all, it’s a sellers&rsquo...
Georgia adds jobs, unemployment at 17-year low
Georgia adds jobs, unemployment at 17-year low

The state started the second half of the year with a solid month of hiring as the economy added 5,300 jobs and the unemployment rate fell to its lowest level since 2001. Georgia’s jobless rate slipped from 4.1 percent in June to 3.9 percent in July as corporate hiring powered growth, as the sector’s strong hiring made up for seasonal...
Wes Moss: How 6 percent rule can help with pension payout decision
Wes Moss: How 6 percent rule can help with pension payout decision

Those of us who are fortunate enough to have an employee pension may face a difficult question one day — do we take our money in a lump sum or stick with monthly payments over time? Companies are increasingly offering this type of deal to both soon-to-be retirees and former employees who are already retired and taking the monthly check. If you&rsquo...
More Stories