The FTC has uploaded complaint counsel’s opposition to LabMD’s application for a stay of the final order in FTC v. LabMD. Did they really write that with a straight face? It was difficult to read it without alternately laughing, spluttering, or fuming.
Consider the opening paragraph of complaint counsel’s opposition (I’m interspersing my reactions):
Respondent has failed to meet its burden to show that a stay of the Commission’s Final Order pending appeal is warranted. See Resp’t LabMD, Inc.’s Appl. for Stay of Final Order Pending Review by a U.S. Ct. of Appeals (Aug. 30, 2016) (“Application for Stay”). Respondent holds the most sensitive personal data of hundreds of thousands of consumers, employing data security practices that the Commission has found to be unfair. Additionally, 9,300 consumers whose data was exposed by those practices remain in the dark about that exposure, powerless to take the steps necessary to remedy the serious effects of that exposure.
Oh, the drama! Well, we don’t want consumers powerless if they’re at risk, and yes, these 9,300 individuals may “remain in the dark,” but given that there was no evidence that even a single person had been harmed or was now likely to be harmed, what “serious effects” are there to be remedied at all? If the situation was so dire, why did the FTC wait years before bringing the enforcement action?
The harm consumers continue to suffer without that relief far outweighs any claimed harm to Respondent.
They haven’t suffered ANY harm, much less “continue to suffer.” In contrast, LabMD will suffer significant harm if the order is implemented as it has costly elements that will entail thousands or millions of dollars. And for what? For a here’s-what-could-have-happened-but-we-have-no-evidence-that-any-of-it-actually-happened-at-any-time-in-the-past-eight-years situation? Keep in mind that this incident was not even a reportable breach under HIPAA in 2008, and that HHS had declined to join FTC in the action, as Rachel Seeger of HHS had informed this site when I had inquired about that.
Respondent has failed to show that is likely to succeed on appeal with its recycled arguments. And Respondent has also failed to substantiate its claims of the harm it will suffer if the Commission does not grant a stay. In light of the overwhelming interest of the consumers in the relief provided by the Final Order, the Commission should deny Respondent’s Application for Stay.
I don’t know of a single consumer whose data were involved who has any interest in the relief provided, much less “overwhelming” interest. Of course, FTC will argue, “Well, how can they express interest when they don’t even know?” To which I’d respond, “You had years to contact them and inquire as to their concern or interest, but you didn’t. Your failure to investigate shouldn’t give you the right to assert that they have overwhelming interest in your fecocktah remedies.”
Yes, there is great harm here to consumers. But the great harm is to the general public, whose tax dollars have been squandered on this enforcement action when other cases have gone uninvestigated or unaddressed.
I really shouldn’t start my day by thinking about this case.