FTC Complaint Dismissed in LabMD Data Security Case

eHealth Law & Policy Journal December 2015

Patricia M. Wagner, a Member of the Firm in Health Care and Life Sciences practice, in the firm’s Washington, DC, office, authored an article in eHealth Law & Policy Journal titled “FTC Complaint Dismissed in LabMD Data Security Case.”

Following is an excerpt (see below to download the full article in PDF format):

In his dismissal, the ALJ held that the FTC had failed to demonstrate that consumers had been harmed or were likely to be harmed. Rather than merely relying on statistical studies evaluating the likelihood of identity theft, the ALJ evaluated the veracity and applicability of those studies to the case at hand. One of the FTC’s experts testified regarding the risk to consumers using a four factor risk analysis: 1) the nature of the information disclosed; 2) to whom the disclosure was made; 3) whether the information was actually acquired or viewed; and 4) whether the data is still available for misuse by others. … In applying this test to the information available in the Insurance File, the ALJ held that the evidence demonstrated that the Insurance File had not been accessed by multiple outside individuals. Instead the Insurance File had only been accessed by Tiversa, a professor with whom Tiversa was collaborating, and the FTC. As a result, the ALJ opined, “there is no contention, or evidence, that the foregoing persons or entities present a threat of harming consumers.” …