Senior Communications Manager
Scott Delacourt Discusses Impact of LabMD v. FTC Decision by Eleventh Circuit
Scott D. Delacourt, chair of Wiley Rein’s Federal Trade Commission (FTC) Practice, was quoted extensively in a June 8 BioWorld MedTech article regarding the history and outcome of the LabMD v. FTC case, which was decided by the Eleventh Circuit last week. The case initially came to the FTC via an IT security company called Tiversa, which reportedly accessed a LabMD file about a decade ago that contained sensitive patient information, and then used a shell company to hand off the alleged breached data of LabMD to the FTC. However, “by the time the case reached the Eleventh Circuit, that wasn’t the issue,” Mr. Delacourt told BioWorld MedTech.
The FTC could have reasonably backed off of the case because LabMD and Tiversa were the only entities in possession of the patient data files, and Tiversa had “arguably broken the law in accessing the files” in the first place, said Mr. Delacourt. He added that the agency sought to proceed with the case against LabMD to “signal something to other firms in terms of their data security practices.”
The decision by LabMD to fight the FTC’s enforcement action was unusual, said Mr. Delacourt, who cited the risks and costs of pursuing such a challenge. He explained that most companies opt to resolve FTC complaints through a consent decree – and as a result, these issues don’t often get tested in the courts.
Mr. Delacourt noted that the LabMD case before the Eleventh Circuit drew a number of amicus briefs, with “the common theme being an industry belief that they should not be subject to enforcement action … where they don’t know what would constitute reasonable data security in the eyes of the FTC.”
It’s an “open question about what the new FTC is going to do” following the Eleventh Circuit’s decision, Mr. Delacourt told BioWorld MedTech. He said the agency will probably be “less entrepreneurial with regard to Section 5 authority, but that remains to be seen.”