“The Federal Trade Commission’s data-security enforcement efforts have received a setback—at the hands of the commission’s own in-house judge.
Administrative Law Judge D. Michael Chappell late Friday dismissed a long-running and sometimes bitter case involving LabMD, a former medical testing company the FTC accused of failing to provide reasonable or appropriate cybersecurity protections for patient data.
The FTC’s civil case against LabMD had focused largely on the potential exposure of a 1,718-page company report that contained names, dates of birth, social security numbers and other information about 9,300 patients. Online security firm Tiversa found the document on a peer-to-peer file-sharing network in 2008.
After discovering the file, Tiversa contacted LabMD and sought to sell the company data security services, which the firm declined, according to the judge’s ruling. Tiversa later reported to the FTC that LabMD had exposed sensitive patient information, the ruling said.
LabMD, a Georgia-based firm, went out of business in early 2014. The company’s owner and chief executive, Michael Daugherty, has been an unusually aggressive FTC critic, writing a book about his experiences during the commission’s investigation, entitled “The Devil Inside the Beltway.”
Mr. Daugherty said the FTC probe and lawsuit were costly, burdensome and unfair, contributing to the company’s demise. “Yeah we won, but what did we win? We’re dead,” he said. The FTC, he said, “has way too much lopsided power.”