Law360 reports:
LabMD Inc. asked an administrative law judge on Thursday to sanction the Federal Trade Commission for allegedly having a “secretive relationship” with the source of a key piece of evidence in its ongoing data breach case against the company.
LabMD claims the FTC failed to authenticate a key piece of evidence received from a data security company called Tiversa Inc. and its affiliate the Privacy Institute.
Read more on Law360 (subscription required). Cause of Action has uploaded the motion for sanctions here (pdf).
Although most of my FTC v. LabMD coverage can be found on PHIprivacy.net, I’m posting this update here because it raises the issue of how the FTC goes about verifying claims of breaches. Can they or should they rely on the findings of third parties who claim to have found evidence of breaches, and if so, under what circumstances might such reliance be questionable?