• |

Aug. 24, 2016

Takeaways From the FTC’s Revival of the LabMD Action 

  • Amy Terry Sheehan
    Cybersecurity Law Report
What constitutes privacy harm? What are reasonable data security practices? Companies and regulators struggle to pin down these pressing questions while technology keeps moving the baseline. In the first data security case litigated before the FTC, the agency provided some answers, finding that the data security practices of LabMD were unfair under the FTC Act. The FTC disagreed with the Administrative Law Judge, who held in November 2015 that the FTC had not shown that LabMD’s conduct caused, or is likely to cause, substantial consumer injury. “The bottom line significance for companies is that you have to have reasonable security at the outset,” Phyllis Marcus, Hunton & Williams counsel, said. “Everything else flows from that. It matters much less what happens to a document once it’s breached or leaked and what actual consumer harm may be down the road than what the security measures were at the outset.” For a discussion of ALJ’s November decision, see “FTC Loses Its First Data Security Case” (Nov. 25, 2015). 

To read the full article

Continue reading your article with a CSLR subscription.

Most-Read Articles

Spotlight on Trailblazing Women

To mark International Women’s Day 2024, women editors and reporters of ION Analytics interviewed outstanding women in the industries and jurisdictions we cover. In this part, Jill Abitbol, Managing Editor of the Cybersecurity Law Report and Anti-Corruption Report, features notable women in data privacy, cybersecurity, white collar defense, compliance and anti-corruption law, including Christina Montgomery, Leslie Shanklin, Palmina Fava, Alexandra Ross and Lucinda Low. Enjoy reading their inspiring remarks here.

We Celebrate Data Privacy Day 2024

Read the full brief here.