Cyber Security Defense Verdict In FTC Administrative Action

Successfully defended LabMD at trial before the FTC Chief Administrative Law Judge. LabMD is the medical laboratory whose data security policies, practices and procedures allegedly violated section 5 of the FTC Act. After a lengthy trial the Administrative Law Judge dismissed the complaint. This is a landmark case because it is the first instance in which the FTC has prosecuted a HIPAA “Covered Entity” for violation of consumer privacy without being joined by HHS. It is also the first instance in which the FTC has been forced to take a case to trial involving data security and privacy. Thus this case established the adjudicatory framework for FTC cyber security administrative trials including the standard of proof and elements required to prove section 5 consumer harm in a cyber security case.