Michael in Print

file9791234819983

18 Sep Critics tell FTC to back off on data security complaints

 

The agency has no specific data security rules and operates from a vague statute, critics say

The FTC should back away from authority it says it has under a vague section of law that doesn’t mention data security, said the critics, including Mike Daugherty, CEO of Atlanta diagnostic lab LabMD, which is fighting an FTC complaint.

The agency should instead seek specific authority to enforce data security rules from the U.S. Congress and should define what data security standards it expects from companies, instead of seeking sanctions on a case-by-case basis, said speakers during a discussion on FTC authoritysponsored by TechFreedom, an antiregulation think tank, and Cause of Action, a government watchdog group defending LabMD.

The FTC’s complaint against the small lab wasn’t based on established rules that agency officials could point to, Daugherty said.

The FTC, instead of looking for real consumer harm, seems to be saying, “We’re going to take one victim and going to hold them accountable,” said Gerry Stegmeier, a privacy and data security lawyer.

 

Find more of the story here.

If you enjoyed reading this article, sign up for my newsletter and follow me on:

Facebook |  Twitter  |   Google+  |  Pinterest  |   LinkedIn

The Devil Inside the Beltway can be purchased:

Amazon  |   Kobo  |   B&N   

Read More

13 Sep LabMD CEO Michael Daugherty fights ‘The Devil Inside the Beltway’

Screen Shot 2016-01-11 at 11.24.59 AM

Quote from The Business Journals

You might think that LabMD is fighting a lonely battle against theFederal Trade Commission — most businesses accused by the agency of failing to “reasonably protect” the security of its customers’ data settle their cases. But LabMD not only is challenging the FTC’s complaint, its CEO also is using this case to make a point about out-of-control regulators. He’s written a book,“The Devil Inside the Beltway,” and he’s found allies in Washington, D.C. On Thursday he was the star panelist at a briefing held by Tech Freedom and Cause of Action, two organizations that question the FTC’s approach to data security.

Read More

11 Sep FTC complaint against medical laboratory signals agency’s continued intent to assert authority in data-security-breach actions

Screen Shot 2016-01-11 at 11.27.57 AM

Quote from Lexology

In taking action against medical laboratory LabMD, the U.S. Federal Trade Commission demonstrated its continued intent to assert authority through the Federal Trade Commission Act in data-security-breach actions. On August 29, 2013, the FTC announced the filing of an administrative complaint alleging that LabMD failed to take reasonable measures to protect sensitive consumer information. TheLabMD action is notable because almost all other actions in which the FTC has made similar allegations have settled without being litigated. The action may result in an administrative law judge ruling on the theory of liability advanced by the FTC in these prior cases, none of which has ever drawn a judicial opinion on the merits, and should accordingly be monitored closely by all companies that collect or use consumer information.

 

Read More

11 Sep PSYCHICS, RUSSIAN ROULETTE, AND DATA SECURITY: THE FTC’S HIDDEN DATA-SECURITY REQUIREMENTS

Quote from document

Data breaches continue to grab headlines. According to a recent report published by Verizon, there were at least 855 data breaches affecting over 174 million data records in 2011 across the globe. According to the report, most data breaches involved malicious activity by outsiders. In other words, most of the entities with a reported data breach are victims of criminal activity.

Read More

10 Sep LabMD Slams ‘Oppressive’ FTC Subpoenas In Data Breach Row

Screen Shot 2016-01-11 at 11.31.01 AM

Quote from Law 360

LabMD Inc. on Tuesday slammed the Federal Trade Commission over some three dozen third-party subpoenas it has issued in its ongoing investigation of alleged security breaches at the cancer diagnosis firm that the agency claims exposed the private medical information of thousands of consumers.

LabMD characterized the FTC’s move, which it said follows after years of discovery during which the firm has already submitted over 5,000 pages of documents since 2010, as an undermining tactic meant to harm its reputation and sap its financial resources

Read More

11 Jul Two cases could disrupt FTC’s data security authority

Screen Shot 2016-01-11 at 11.12.54 AM

Quote from SC Magazine

It is commonly said that all businesses should expect to be breached at one point or another. And after that, the Federal Trade Commission (FTC) could come knocking.

But hotelier Wyndham Worldwide and medical testing provider LabMD are two companies that are pushing back against separate investigations launched by the consumer protection agency, which asserts that the two companies experienced data breaches that exposed sensitive client information. The results of the cases could decide whether the FTC can continue to punish companies that have been breached.

Mark Eichorn, assistant director of the division of privacy and identity protection at the FTC, told SCMagazine.com that the Wyndham case was filed and briefed in Arizona, and recently changed venues to New Jersey, where there is a pending motion to dismiss filed by Wyndham.

“That motion has been briefed for a while,” Eichorn said, explaining that a ruling expected in mid-June never came to pass, and now it’s just a question of when the court will rule on it. “In Arizona, it was pending for a while and was never ruled on,” he said.

While he could not comment on the LabMD proceedings, since they are not currently available to the public, he did say that a motion to dismiss the complaint was rejected by the FTC – meaning LabMD is required to respond to the FTC’s Civil Investigative Demand (CID).

Read More

25 Oct Breaking News: U.S. Chamber of Commerce Publishes Article featuring LabMD and Michael J Daugherty on Cyber Security

 

 

Link: http://www.freeenterprise.com/technology/fbi-says-expect-be-hacked-ftc-says-expect-us-sue-you?nostyle=true.

Reprint:

FBI Says, Expect to Be Hacked; FTC Says, Expect Us to Sue You

Oct 24, 2012

FBI director Robert Mueller is quoted in a CNN Money story today on the data security crisis now facing American businesses – an issue of particular importance to small businesses:

There are only two types of companies: those that have been hacked, and those that will be. Even that is merging into one category: those that have been hacked and will be again.

The U.S. Chamber continues to lead efforts to address the data security crisis, by actively engaging in discussions with Congress regarding federal data security and data breach legislation. The Chamber also recently released an Internet security guide, “Internet Security Essentials for Business 2.0.

Unfortunately, the FTC is throwing American businesses who are victims of hacking under the bus by punishing them for not successfully preventing the hacks – in spite of the stark reality described by the FBI’s Robert Mueller.

Take the FTC’s lawsuit against Wyndham Worldwide Corp., which was the victim of a global hacking scheme, as just one recent example of an FTC run amok. I explained the Wyndham case and the FTC’s approach to “regulating” data security in a recent blog post:

Over the last few years, the FTC has routinely punished businesses who are themselves hacking victims for allegedly failing to have “reasonable” data security measures in place – only there’s no way for a business to truly know beforehand what the FTC will consider “reasonable” measure until after it’s been hacked.

Because the FTC has never formally promulgated any data security standards, a business has no way of knowing whether it’s compliant until after it’s been hacked, had its data stolen, completed a costly FTC investigation, and an enforcement action has been filed against it. Then the FTC strong-arms the business into entering into so-called “settlement” agreements (or “consent orders”) that often give the FTC roving and unchecked authority for the next 20 years to conduct audits and impose penalties on the business – again, for violating non-existent data security standards.

The FTC’s approach to data security is particularly damning for small businesses, who often are compelled to divert their time and precious resources on lawyers and litigation, rather than on growing their businesses – and creating jobs.

Take the tale of LabMD, a Georgia-based cancer detection company, as just one example of how the mere allegation of inadequate data security can subject a business to years of expensive FTC investigations and reputational injury – which can derail a small business’s growth agenda, and cost jobs. The Atlanta Business Chronicle reported on this case and interviewed Michael Daugherty, LabMD’s founder and CEO:

Daugherty contends his company is being unreasonably persecuted by the FTC. He said he’s already spent about $500,000 fighting the investigation.

“We are guilty until proven innocent to these people,” Daugherty said in a Sept. 5 interview with Atlanta Business Chronicle. “They are on a fishing expedition. We feel like they are beating up small business.”

“There’s no deception. There’s not been a breach,” he said.

Of course, the initial FTC investigation (which in this case has already cost LabMD half a million dollars) is just the tip of the iceberg. In reference to its investigation, the FTC told the Atlanta Business Chronicle that “[t]here is no allegation that anybody has done anything wrong.”

If that’s the type of treatment and expenses that small businesses can expect to incur even when the FTC claims “there is no allegation that anybody has done anything wrong,” then there is certainly something wrong with how the FTC is conducting its business.

Visit ChamberLitigation.com to read more about the FTC v. Wyndham Worldwide Corp, et al. lawsuit and the amicus brief  filed in support of the company by the National Chamber Litigation Center, the U.S. Chamber’s public policy law firm.

 

Originally published October 24, 2012. Reprinted by permission, http://www.freeenterprise.com, October 2012. Copyright© 2012, U.S. Chamber of Commerce.

~   ~   ~

Michael Daugherty is President & CEO of LabMD, an Atlanta-based clinical and anatomic medical laboratory with a national client base. Mike founded LabMD in 1996 after 14 years in surgical device sales with U.S. Surgical Corp. and Mentor Corporation.

Outside of LabMD, enjoys playing tennis, travel, and flying his Cirrus SR22 Turbo single engine aircraft.

Mike can be found:

Facebook * Twitter * LinkedIn * Pinterest

Google+ Michael J Daugherty

Read More

24 Oct FBI Says, Expect to Be Hacked; FTC Says, Expect Us to Sue You

Screen Shot 2016-01-11 at 11.08.50 AM

Quote from Free Enterprise

FBI director Robert Mueller is quoted in a CNN Money story today on the data security crisis now facing American businesses – an issue of particular importance to small businesses:

There are only two types of companies: those that have been hacked, and those that will be. Even that is merging into one category: those that have been hacked and will be again.

The U.S. Chamber continues to lead efforts to address the data security crisis, by actively engaging in discussions with Congress regarding federal data security and data breach legislation. The Chamber also recently released an Internet security guide, “Internet Security Essentials for Business 2.0.

Unfortunately, the FTC is throwing American businesses who are victims of hacking under the bus by punishing them for not successfully preventing the hacks – in spite of the stark reality described by the FBI’s Robert Mueller.

Read More

07 Sep Breaking News – Michael J Daugherty interviewed in the Atlanta Business Chronicle

I was interviewed by Amy Wenk, staff writer of the Atlanta Business Chronicle today.  They asked some interesting questions about the Federal Trade Commission and how they conduct themselves.

To see a full copy of this article, click to download .

For a link to see the preview on the Atlanta Business Chronicle, click HERE.

What are your thoughts on this?

 

Stay tuned for more news about this and my new book The Devil inside the Beltway:The Devil Inside the Beltway Cover

Read More