The High Cost of Data Breaches

Privacy Lawyer

In the emerging world of data privacy breaches, new litigation makes clear that data breaches may ultimately destroy a business. In a recent case, the US Court of Appeals for the 11th Circuit has ruled that the FTC has the authority to investigate data breaches until a final action is issued by the regulatory body. In the matter of LabMD v. FTC, LabMD discovered that it could not seek a judicial remedy to avoid an FTC enforcement action until a final action has been issued by the administrative agency. Though this outcome is interesting from a legal perspective, it also likely resulted in the destruction of LabMD’s business, further evidencing the importance of data security and the consequences for ignoring it.

LabMD is a laboratory that provides cancer testing services for doctors. Unfortunately, due to an employee mishap, LabMD’s files could be accessed by the LimeWire peer-to-peer network, which soon came to the FTC’s attention. The FTC initiated an investigation alleging that LabMD had inappropriately exposed the personal data of 10,000 consumers, and it proceeded to investigate LabMD’s purported breach for several years. After numerous administrative legal actions between the parties occurred, LabMD initiated an action in the US District Court for the District of Columbia, which sought injunctive relief against the FTC’s actions on the legal theory that the FTC lacks authority to regulate data breaches pursuant to its statutory powers provided by Congress. Four days later, LabMD filed an emergency motion with the 11th Circuit Court of Appeals. The 11th Circuit denied LabMD’s motion on the basis that it lacked subject matter jurisdiction over anything but a “cease and desist” order issued by the FTC. Subsequently, LabMD voluntarily dismissed its action in the District of Columbia.

In January 2014, LabMD announced that it would cease doing business because of the effects of the FTC enforcement action. LabMD continued, however, to fight the FTC’s authority to police data breaches. In March 2014, LabMD filed suit in the district court for the Northern District of Georgia to enjoin the FTC’s enforcement efforts. The Northern District of Georgia dismissed the case in May of 2014 on the basis that the FTC had not issued a final agency action and, therefore, the Court lacked authority to enjoin the FTC’s actions. LabMD appealed to the 11th Circuit, and the 11th Circuit agreed with the Northern District of Georgia.

The LabMD case certainly seems to indicate that the FTC may have the authority to regulate and enforce penalties against companies responsible for data breaches under Section 5 of the Federal Trade Commission Act. This means that companies, in determining their potential liability for data breaches, should presume that the FTC could institute an enforcement action for a data breach until a court says otherwise. Further, it illustrates a more basic point: companies need to take data security and breach protocols seriously or face liability, whether from individual plaintiffs, class actions, or FTC regulatory action. If your company faces liability from a data breach, contact a data breach lawyer before it is too late.

Extra, Extra!
Recent Posts

Fairness Factors For Your College NIL Agreement

Fairness Factors For Your College NIL Agreement

Corporate

In May 2025, as part of a settlement of litigation involving college football, a new entity was created called the College Sports Commission (“CSC” or “Commission”). See news media reports here and here. Among many other purposes, the CSC will monitor and approve name, image, and likeness (“NIL”) agreements for college athletes. As the term […]

Read more about Fairness Factors For Your College NIL Agreement

Is a “Fanciful” Trademark the Best Type of Trademark?

Is a “Fanciful” Trademark the Best Type of Trademark?

Trademark

Trademarks are words, designs, symbols, logos, and other things that are used/associated with goods or services that identify the specific commercial source of the goods/services. COCA-COLA, APPLE, and GUCCI are just a few famous examples. If COCA-COLA is on the bottle, consumers know what to expect from the beverage in the bottle. The same for […]

Read more about Is a “Fanciful” Trademark the Best Type of Trademark?

Put Revision Legal on your side