FTC's Data Protection Authority Under Attack in LabMD Case

A medical testing lab has petitioned a federal appeals court to reject the authority of the Federal Trade Commission to enforce data security standards. The commission recently found that LabMD's poor data security practices, which led to a breach of personal medical data, were "unfair" under the FTC Act and ordered the company to take corrective measures. "[T]he privacy harm resulting from the unauthorized disclosure of sensitive health or medical information is in and of itself a substantial injury," the commission explained. EPIC previously filed an amicus brief in FTC v. Wyndham, a similar case in which another appeals court upheld the FTC's data protection authority. The court in that case stated, "A company does not act equitably when it publishes a privacy policy to attract customers who are concerned about data privacy, fails to make good on that promise by investing inadequate resources in cybersecurity, exposes its unsuspecting customers to substantial financial injury, and retains the profits of their business."


« WhatsApp Privacy Update: Spain Investigating Broken Privacy Promises | Main | Report: Facial Recognition is Expansive, Unregulated; Coalition Calls for DOJ Review »

Share this page:

Support EPIC

EPIC relies on support from individual donors to pursue our work.

Defend Privacy. Support EPIC.

#Privacy