The High Cost of Data Breaches

Privacy Lawyer

In the emerging world of data privacy breaches, new litigation makes clear that data breaches may ultimately destroy a business. In a recent case, the US Court of Appeals for the 11th Circuit has ruled that the FTC has the authority to investigate data breaches until a final action is issued by the regulatory body. In the matter of LabMD v. FTC, LabMD discovered that it could not seek a judicial remedy to avoid an FTC enforcement action until a final action has been issued by the administrative agency. Though this outcome is interesting from a legal perspective, it also likely resulted in the destruction of LabMD’s business, further evidencing the importance of data security and the consequences for ignoring it.

LabMD is a laboratory that provides cancer testing services for doctors. Unfortunately, due to an employee mishap, LabMD’s files could be accessed by the LimeWire peer-to-peer network, which soon came to the FTC’s attention. The FTC initiated an investigation alleging that LabMD had inappropriately exposed the personal data of 10,000 consumers, and it proceeded to investigate LabMD’s purported breach for several years. After numerous administrative legal actions between the parties occurred, LabMD initiated an action in the US District Court for the District of Columbia, which sought injunctive relief against the FTC’s actions on the legal theory that the FTC lacks authority to regulate data breaches pursuant to its statutory powers provided by Congress. Four days later, LabMD filed an emergency motion with the 11th Circuit Court of Appeals. The 11th Circuit denied LabMD’s motion on the basis that it lacked subject matter jurisdiction over anything but a “cease and desist” order issued by the FTC. Subsequently, LabMD voluntarily dismissed its action in the District of Columbia.

In January 2014, LabMD announced that it would cease doing business because of the effects of the FTC enforcement action. LabMD continued, however, to fight the FTC’s authority to police data breaches. In March 2014, LabMD filed suit in the district court for the Northern District of Georgia to enjoin the FTC’s enforcement efforts. The Northern District of Georgia dismissed the case in May of 2014 on the basis that the FTC had not issued a final agency action and, therefore, the Court lacked authority to enjoin the FTC’s actions. LabMD appealed to the 11th Circuit, and the 11th Circuit agreed with the Northern District of Georgia.

The LabMD case certainly seems to indicate that the FTC may have the authority to regulate and enforce penalties against companies responsible for data breaches under Section 5 of the Federal Trade Commission Act. This means that companies, in determining their potential liability for data breaches, should presume that the FTC could institute an enforcement action for a data breach until a court says otherwise. Further, it illustrates a more basic point: companies need to take data security and breach protocols seriously or face liability, whether from individual plaintiffs, class actions, or FTC regulatory action. If your company faces liability from a data breach, contact a data breach lawyer before it is too late.

Extra, Extra!
Recent Posts

Does the AI-Copyright Legal Fight Represent a National Security Threat?

Does the AI-Copyright Legal Fight Represent a National Security Threat?

Copyright

The holders of copyrights for newspapers, magazines, books, and other publications are involved in numerous legal battles with owners of AI modules over alleged copyright infringement. The plaintiff copyright owners claim that the AI large language modules have been trained on huge quantities of copyrighted materials without permission and — most importantly — without payment. […]

Read more about Does the AI-Copyright Legal Fight Represent a National Security Threat?

How Does Buy-Sell Insurance Work For An Owners’ Agreement?

How Does Buy-Sell Insurance Work For An Owners’ Agreement?

Corporate

The owners of most small, closely-held businesses negotiate and sign some form of an “Owner’s Agreement.” An important part of such Agreements is the “Buy-Sell” provisions. These are often some of the most difficult to negotiate. The gist of the buy-sell part of the Owners’ Agreement is to establish the rules for what happens if […]

Read more about How Does Buy-Sell Insurance Work For An Owners’ Agreement?

Status on Social Media Moderation Statutes and Cases

Status on Social Media Moderation Statutes and Cases

Internet Law

Social media content moderation by technology platforms was one of the “hot” legal topics in 2023-2024. Three States — California, Texas, and Florida — passed different statutes to either require more content moderation (California) or to limit such moderation (Texas and Florida). All the statutes, in one way or another, demanded more transparency and information […]

Read more about Status on Social Media Moderation Statutes and Cases

Put Revision Legal on your side