DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

FTC pushes back against LabMD application for stay

Posted on September 13, 2016 by Dissent

The FTC has uploaded complaint counsel’s opposition to LabMD’s application for a stay of the final order in FTC v. LabMD. Did they really write that with a straight face? It was difficult to read it without alternately laughing, spluttering, or fuming.

Consider the opening paragraph of complaint counsel’s opposition (I’m interspersing my reactions):

Respondent has failed to meet its burden to show that a stay of the Commission’s Final Order pending appeal is warranted. See Resp’t LabMD, Inc.’s Appl. for Stay of Final Order Pending Review by a U.S. Ct. of Appeals (Aug. 30, 2016) (“Application for Stay”). Respondent holds the most sensitive personal data of hundreds of thousands of consumers, employing data security practices that the Commission has found to be unfair. Additionally, 9,300 consumers whose data was exposed by those practices remain in the dark about that exposure, powerless to take the steps necessary to remedy the serious effects of that exposure.

Oh, the drama! Well, we don’t want consumers powerless if they’re at risk, and yes, these 9,300 individuals may “remain in the dark,” but given that there was no evidence that even a single person had been harmed or was now likely to be harmed, what “serious effects” are there to be remedied at all? If the situation was so dire, why did the FTC wait years before bringing the enforcement action?

The harm consumers continue to suffer without that relief far outweighs any claimed harm to Respondent.

They haven’t suffered ANY harm, much less “continue to suffer.” In contrast, LabMD will suffer significant harm if the order is implemented as it has costly elements that will entail thousands or millions of dollars. And for what? For a here’s-what-could-have-happened-but-we-have-no-evidence-that-any-of-it-actually-happened-at-any-time-in-the-past-eight-years situation? Keep in mind that this incident was not even a reportable breach under HIPAA in 2008, and that HHS had declined to join FTC in the action, as Rachel Seeger of HHS had informed this site when I had inquired about that.

Respondent has failed to show that is likely to succeed on appeal with its recycled arguments. And Respondent has also failed to substantiate its claims of the harm it will suffer if the Commission does not grant a stay. In light of the overwhelming interest of the consumers in the relief provided by the Final Order, the Commission should deny Respondent’s Application for Stay.

I don’t know of a single consumer whose data were involved who has any interest in the relief provided, much less “overwhelming” interest. Of course, FTC will argue, “Well, how can they express interest when they don’t even know?” To which I’d respond, “You had years to contact them and inquire as to their concern or interest, but you didn’t. Your failure to investigate shouldn’t give you the right to assert that they have overwhelming interest in your fecocktah remedies.”

Yes, there is great harm here to consumers. But the great harm is to the general public, whose tax dollars have been squandered on this enforcement action when other cases have gone uninvestigated or unaddressed.

I really shouldn’t start my day by thinking about this case.

 

Related posts:

  • FTC Takes Action Against Drizly and its CEO James Cory Rellas for Security Failures that Exposed Data of 2.5 Million Consumers
  • FTC Says Genetic Testing Company 1Health Failed to Protect Privacy and Security of DNA Data and Unfairly Changed its Privacy Policy
  • FTC Enforcement Action to Bar GoodRx from Sharing Consumers’ Sensitive Health Info for Advertising
Category: Commentaries and AnalysesHealth Data

Post navigation

← VoIPtalk admits to possible data breach
NJ: Maplewood tax firm hacked; data held for ransom →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • UK police arrest four in connection with M&S, Co-op and Harrods cyberattacks (1)
  • At U.S. request, France jails Russian basketball player Daniil Kasatkin on suspicion of ransomware conspiracy
  • Avantic Medical Lab hacked; patient data leaked by Everest Group
  • Integrated Oncology Network victim of phishing attack; multiple locations affected (2)
  • HHS’ Office for Civil Rights Settles HIPAA Privacy and Security Rule Investigation with Deer Oaks Behavioral Health for $225k and a Corrective Action Plan
  • HB1127 Explained: North Dakota’s New InfoSec Requirements for Financial Corporations
  • Credit reports among personal data of 190,000 breached, put for sale on Dark Web; IT vendor fined
  • Five youths arrested on suspicion of phishing
  • Russia Jailed Hacker Who Worked for Ukrainian Intelligence to Launch Cyberattacks on Critical Infrastructure
  • Kentfield Hospital victim of cyberattack by World Leaks, patient data involved

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • How to Build on Washington’s “My Health, My Data” Act
  • Department of Justice Subpoenas Doctors and Clinics Involved in Performing Transgender Medical Procedures on Children
  • Google Settles Privacy Class Action Over Period Tracking App
  • ICE Is Searching a Massive Insurance and Medical Bill Database to Find Deportation Targets
  • Franklin, Tennessee Resident Sentenced to 30 Months in Federal Prison on Multiple Cyber Stalking Charges
  • On July 7, Gemini AI will access your WhatsApp and more. Learn how to disable it on Android.
  • German court awards Facebook user €5,000 for data protection violations

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.