By Steven Trader Law360 Click here for a downloadable copy
A group of eight privacy and security law professors on Thursday threw their support behind the Federal Trade Commission in its Eleventh Circuit battle with LabMD to keep intact a ruling that an alleged data leak harmed consumers, saying the agency’s approach to regulating privacy spurs better protection practices.
In an amicus brief, the group of academics, who hail from the University of California Berkeley and George Washington University, among others, lent their support to the FTC’s July ruling that overturned its own administrative law judge and concluded the lab’s failure to employ “basic” security precautions led to an unauthorized disclosure of sensitive medical data that caused “substantial” harm to consumers, in violation of the unfairness prong of Section 5 of the Federal Trade Commission Act.
While LabMD and its own amici supporters have contended that the FTC stretched its own unfairness authority too far, the academics on Thursday wrote that the agency’s use of its unfairness authority in the data privacy context actually encourages corporations to develop “progressive and dynamic approaches to privacy policies.”
“Its enforcement actions, in particular, have encouraged responsible companies to invest in internal privacy and security professionals and increased the power and resources these professionals have to evolve and strengthen firm privacy practices,” the group wrote.
Though the medical lab and its supporters have criticized the agency’s enforcement action as a “circumventing of the legislative process,” which harms businesses by subjecting them to vague and constantly changing data security measures,” the professors said Thursday the FTC’s governance style has been “open and collaborative,” and that its actions against LabMD were nothing out of the ordinary.
“The FTC has frequently used its Section 5 authority to curb or prevent disclosure of consumers’ confidential medical information in prior health-related enforcement actions,” the academics wrote. “Its finding of injury and substantial risk of injury stemming from LabMD’s disclosure of patient medical records here is thoroughly consistent with the FTC precedent.”
Thursday’s amicus filing comes on the heels of a Feb. 10 reply brief the FTC filed in the Eleventh Circuit defending its July decision and striking back against LabMD’s opening brief claims it overstepped its authority and in the process destroyed the small medical testing company’s business, which shuttered in 2014 due to the expense of fighting the enforcement action.
LabMD in particular has taken issue with the commissioners’ conclusion that the purported leak of a file containing personal data belonging to approximately 9,300 patients in 2008 constituted the type of “substantial” injury necessary to support a Section 5 claim, especially since there was no evidence that any of the compromised data had ever been misused or that the affected consumers had suffered any tangible harm.
A group of amici from the business, tech and medical communities, including the U.S. Chamber of Commerce, TechFreedom and the National Technology Security Coalition, backed up the lab in early January, contending that the power that Congress bestowed upon the commission when enacting Section 5 do not include the ability to set and enforce general data security policy.
In a response to the professors’ brief in support of the FTC, LabMD CEO Michael Daugherty told Law360 it was “quite telling that the FTC could only muster up academic lawyers.
“Where are all the technologists, chief information security officers, physicians and business leaders supporting the FTC? They’re not,” Daugherty said. Only academics and bureaucrats who make their living off regulation and government can look the court in the face and believe concrete harm comes from any situation where no victims can be found.”
The eight amici professors include Kenneth Bamberger, Woodrow Hartzog, Chris Hoofnagle, William McGeveran, Deirdre Mulligan, Paul Ohm, Daniel Solove and Peter Swire. The academics are represented by Michael W. Sobol, Nicholas R. Diamand and Laura B. Heiman of Lieff Cabraser Heimann & Bernstein LLP.
LabMD is represented by Doug Meal, David Cohen, Michelle Visser and Douglas HallwardDriemeier of Ropes & Gray LLP.
The FTC is represented by staff attorneys Theodore Metzler and Michael Hoffman.
The case is LabMD Inc. v. Federal Trade Commission, case number 16-16270, in the U.S. Court of Appeals for the Eleventh Circuit. –Editing by Kelly Duncan