News

09 Feb Privacy Group Of The Year: Ropes & Gray LLP

unnamed

Law360, New York (February 2, 2017, 6:53 PM EST) — Ropes & Gray’s work on what’s sure to be one of the most important privacy decisions coming down the pipe in 2017 — LabMD’s appeal against the Federal Trade Commission over its data security practices — makes the firm’s privacy team one of Law360’s Practice Groups of the Year.

Ropes & Gray defended some of the biggest privacy cases of the year, including taking on the role of lead counsel in the LabMD appeal against the FTC, which will serve as an important test deciding whether the Federal Trade Commission has authority to bring cases on intangible consumer injuries.

LabMD tapped the firm in August to bring the case to the Eleventh Circuit, part of a sprawling grudge match with cybersecurity company Tiversa that started with the alleged theft of a patient data file.

The FTC began its investigation into LabMD’s data security practices in early 2010 after cybersecurity firm Tiversa Holding Corp. allegedly stole medical data from the company’s systems. The commission then opened an administrative complaint against the lab in August 2014, saying the company violated the FTC Act’s prohibition on unfair acts and practices on the basis that its security measures didn’t provide reasonable security against theft.

In that case, Ropes & Gray attempts to portray an FTC that has too rigorously flexed its regulatory muscle. The firm argues that an order issued by the commission against the cancer-testing company in July, which requires that LabMD take measures like setting up an information security program and obtaining biennial assessments by an outside auditor — would “effectuate a breathtaking expansion of the FTC’s authority that the legal community and members of Congress have already called into serious question” if allowed to stand.

”What the FTC did here was so egregious in so many different ways,” co-chair Doug Meal said about the case, adding that an appeal win for LabMD “will make the playing field way different.”

In Ropes & Gray’s view, the FTC’s enforcement authority in the privacy and data security space will be dramatically expanded if the FTC decision is upheld.

When it comes to those high-stakes cases like LabMD, it’s all hands on deck, said the group’s co-chairs Meal and Heather Sussman in Boston, and Rohan Massey in the UK. Ropes & Gray has a big team of privacy attorneys that work together across geographies to bring to bear the right expertise and strategies on a case. Sometimes that means being selective with bringing arguments, Meal said.

“We really pressure tested every argument at length to identify which arguments we thought would be the ones to advance,” Meal said about the LabMD case, which meant leaving “some very, very substantial issues on the cutting-room floor because we felt there were better tactics to make certain arguments in detail, and tellingly.”

“Those are the kind of choices you have to make when you’re arguing an appeal,” he added.

But the LabMD litigation, as Meal puts it, isn’t the group’s first rodeo when it comes to handling a major appeal, and the case adds to an already meaty list of data breach clients, including Wyndham, Hilton, Genesco, Aldo, Target, TJX, Heartland, Home DepotNeiman Marcus, Sony, and Supervalu, among others.

In the Wyndham case — the first-ever lawsuit challenging the FTC’s authority to regulate data security practices and to hold a franchisor liable for alleged data security infractions committed by its franchisees — Ropes & Gray negotiated a consent order with the FTC that dismissed the lawsuit and imposed narrower obligations on Wyndham than the FTC has typically obtained against targets of its data security actions.

That groundbreaking dispute over the scope of the commission’s data security authority was sparked in June 2012, when the FTC filed its complaint alleging Wyndham had violated both the unfairness and deception prongs of Section 5 by failing to maintain reasonable and appropriate security measures. The security failures allegedly led to at least three data breaches between April 2008 and January 2010, which exposed more than 600,000 consumer payment card account numbers and led to more than $10.6 million in fraud loss, according to the regulator.

Also this past year, Ropes & Gray’s privacy group continued advising and representing Target stores in the company’s response to the highly-publicized data breach that Target announced in December 2013, securing approval of a proposed settlement of the class actions filed by banks and credit unions on May 12, 2016, and a dismissal of those class actions in May.

As for the success of the privacy group, the co-chairs agree Ropes & Gray’s “one-firm” approach and culture of collaboration across practice groups and geographies (the firm has offices in New York, Boston, London, Tokyo and Shanghai, to name a few) has been very effective in servicing clients.

“We always have and continue to work together as a team and very collaboratively on all of our matters,” Meal said, noting that “everyone on the team knows pretty much what everyone else is doing,” helping each other out on projects.

Sussman agreed, noting companies around the world increasingly tap the compliance arm of Ropes & Gray’s privacy practice to get in line with data security regulatory requirements, knowing the firm has a network of the best local experts to call on.

— Additional reporting by Cara Salvatore and Allison Grande. Editing by Ben Guilfoy.

Read More

12 Jan FTC vs LabMD : Who Committed the Original Sin?

image1-1

The FTC has accused and sued LabMD for doing allegedly terrible things.  Way back in 2008 file sharing software named Limewire was found linked to one folder on one LabMD workstation that contained two files containing patient billing information of 9000 patients. The media took the bait and reported this as if our entire network of nearly one million patients was exposed. That was absolutely not the case. Limewire created potential access to nothing more than a single folder. Tiversa, a company describing itself as a cybersecurity firm later proven to have stolen the file, pretended they had found it and wanted to make us aware. However, what they really wanted was money, as they would not give us any information unless we paid them $475 per hour. This was later shown by Congress to be a scheme of lies, blackmail and extortion. The FTC, who was working with Tiversa, kept their involvement in this racket hidden until I exposed their lies six years later.

Not adequately protecting our patient’s information was a faux accusation that killed the medical facility. And now, finally, the 11th Circuit Court of Appeals has stayed the FTC’s case, stating LabMD has a high likelihood of winning. Later rather than sooner, people are finally considering the facts rather than believing the accusations. LabMD has had to survive reputation assassination via the FTC. This is an example of the FTC’s playbook, a foundational tactic used by the US Government to exploit the trust of Americans. LabMD was destroyed in their wake. Once caught red handed, rather than admit they’ve done something terribly wrong, the FTC doubled down by trying to bury the truth.

When the Tiversa/FTC relationship was exposed, after the FTC had rested their case, the FTC took the flimsy remaining allegations and blew them out of proportion. They had no choice. It was all they had if they weren’t going to admit they were wrong. And bureaucrats will never admit they are wrong. The FTC cavorted with and trusted criminals, using this fake information to go after 86 companies…and it’s appalling that this original sin is repeatedly tossed aside. Frankly, I am baffled this isn’t focused on more by media and the legal profession.

Over the past five years I have seen lawyer after lawyer and journalist after journalist report what the FTC accuses LabMD of as if it were true. These people clearly spent little time researching. Taking my word for it isn’t necessary. The cold hard facts are all in the House Oversight Congressional Report, trial briefs, testimony and exhibits. A Tiversa insider was given criminal immunity by the Justice Department. The FBI raided Tiversa. Yet they ignored this evidence as if it was all untrue and assumed LabMD must have done SOMETHING to deserve all this. When this level of corruption and damaging behavior can go on right under our noses and is considered just another day in DC we have a very big problem; a problem larger than the LabMD case.

LabMD’s accusations sounded unbelievable…so they remained that way…unbelievable. What is really unbelievable, terrifying actually, is all the facts are now lying out for the entire world to see while these people still don’t bother to look. What’s even more terrifying is the FTC court would not allow LabMD to have discovery on the very case we were being tried on. This baked in the cake lack of accountability is a recipe for government corruption. The FTC lawyers, current and former, who now reside in major law firms across the country, are masters of silence. The silence is intentional and unethical.

Why have these facts been barely skimmed? Does it take time to confirm and that is time they don’t have?  Are they only reporting for marketing purposes? Is corruption and working with criminals not a news story? I suspect many writers and attorneys want to be seen as experts so you’ll read their columns or hire them for their services and they don’t want to get on the bad side of the FTC. Therein lies the frustration. The FTC consciously and willingly destroyed a 700,000 patient cancer detection center to advance their agenda to become Cyber Security Cop.  That is just too terrifying an accusation for some people to believe. I’ve had to bite my tongue as the company collapsed, as real people were hurt, and as everyone else whistled passed the graveyard. And it has required millions of dollars and years of patience to finally get out of the FTC’s biased system, a system built to drain you dry, before being released to federal courts in a weakened and tortured state. But we survived…and once out of the FTC’s corrupt and biased system, built and approved by the courts and Congress, LabMD starting winning. How does this happen? Where do the 700,000 patients go to complain about their clinical process being interrupted by power grabbing lawyers?

I’ve learned that most people, even lawyers, don’t clearly understand the powers and procedures of government agencies. 20th century congresses made the FTC judge, jury and prosecutor. There is neither outside oversight nor judicial jurisdiction allowed until the FTC is finished with their entire investigation and internal court procedures. This allows the agency time to beat you to a pulp with the referee locked outside the ring.  And these bureaucrats, who also have qualified immunity, use that time to treat you like a prisoner in the coliseum, attacking you like lions. This behavior is so foreign to what Americans believe is how our justice system operates that upon hearing this they think I am exaggerating, misspeaking or they’ve not heard me correctly.

The choice to fight is dark and bleak on both sides. Either surrender for business reasons and then walk through life knowing a huge injustice has occurred (that nobody will believe) or stand up and allow the government agency’s unelected rule makers to come after you with guns blazing. They will hold you in their own biased system that is allowed to keep you away from an outside court and their outside tentacles of power will try to snuff you out. And during that time employees will be terrified that the company has a bleak future. They will resign and your company will die from the inside out. Congress and the public must understand what’s really going on here. A cancer detection center was destroyed…and the bureaucrats are fine with it as others stare into space.

LabMD is finally entering the fourth quarter of this very long, very destructive game. The federal appeals court, only now being allowed to intervene, has looked at the facts and stayed the case. The truth will eventually win out. The wounded, cornered and panicked FTC has lobbed accusations at LabMD which will be proven false.

But LabMD can’t come back again. A LabMD legal victory will be a win for no one, especially former doctors, patients and employees. You can burn a house down in one hour but you can’t rebuild it in even one year. This is what happens when government keeps bags over the heads of its citizens via silence, active tentacles of power and intimidation.  Please help me shed light on the legal changes needed to protect the public from rogue bureaucrats and cybercriminals. Until we get educated technologists running the show rather than rogue lawyers, the security of our nation will be compromised. The wrong people are guarding the door.

Read More

01 Sep CEO Clubs Luncheon Talk with Guest Speaker Former NY Governor David Paterson

Screen Shot 2016-08-29 at 2.37.45 PM

Date: Thursday September 16th from 9AM till 2PM

Location: The 3 West Club, 3 West 51st Street, New York, NY 10019

The Administrative State can be tedious and difficult to understand, and when deciphered is often considered intentionally void of due process and fair notice. Michael J. Daugherty, CEO of LabMD, will expose the powers and behaviors of the Federal Trade Commission via his riveting story about his going battle with the FTC. The FTC has finally placed their cards on the table. Their verdict: If you have data that is exposed or vulnerable, but not hacked or breached, and without a single victim, you are violating the FTC Act. Mike will illustrate how far the FTC will go when challenged. Now landing at the US Court of Appeals, this landmark case is destined for the Supreme Court and will impact organizations large and small.

To join Michael and the other guests, learn more and register on line at CEO Clubs

Speakers:

Keynote Speaker: 

Former Governor of New York Honorable David A. Paterson

David Alexander Paterson became the 55th Governor of The State of New York on March 17, 2008. In his first address as Governor, he spoke about the challenges facing New York, and his plans to build a better and brighter future for all citizens. He was ahead of the national curve in predicting and acting on the State’s fiscal downturn.

Governor Paterson recently joined Stifel, Nicolaus & Company, Incorporated as a Director/Investments with the Moldaver, Paterson, Lee and Chrebet Group- one of the firm’s top teams- based in New York City.

As Governor, during his 2008 inaugural address, Governor Paterson foretold of an impending national fiscal crisis and collapse, displaying prescience as the first American public official at any level to issue such an alarm. The Governor’s decision to address the country’s economic woes originated with his public statements regarding a potential deflationary spiral and misuse of credit default swaps and reckless home mortgage policies.  Ironically, this forecast compelled New York’s Legislature to specially convene in August 2008.  This session resulted in reducing the state’s deficit by $2 billion, as well as diminishing further devastating financial upheaval, and thereby ensured that New York State’s credit rating was never downgraded during his term.

CEO Clubs of America is excited to have Former Governor David Paterson as our Keynote Speaker for you today.

Mid-day Speaker:

John Mattone: Lessons in Leadership, Talent and Culture

Subtitle: Learn from the World’s #1 Authority on Leadership & Former Coach to Steve Jobs

Feature: 3 Best-Selling Books

LeadershipTalent and Culture are the foundation steps from which successful organizations are built – however, most struggle to create an environment in which employees can be fulfilled, very effective in their work, and really unleash their full potential. What exactly is it that makes some organizations achieve and sustain breakthrough success, while others struggle to reinvent and transform to meet ever-changing demands and challenges?

Based on years of research and advising CEOs and senior leadership teams from small and medium-sized as well as large companies, John Mattone argues that the highest performing organizations both embrace and execute 6 critical steps to achieving positive transformation, but transforming culture always begins with leaders who are both willing and able to “think big“ and be bold while maintaining a heavy dose of “humility”.

In this dynamic workshop, John Mattone talks about the essence of what is meant by the “vulnerability decision”  as well as the other critical steps that must be executed in order for your organization to effectively accelerate its own reinvention in terms of leadership, culture, talent and superior business results.

Morning Speaker:

Michael J. Daugherty, is Founder, President, and CEO of LabMD,a cancer detection laboratory based in Atlanta, Georgia, as well as the author of the book The Devil Inside the Beltway. Because of his work, Mike has testified before the House of Representatives House Oversight Committee and regularly keynotes in front of healthcare, law, business and technology audience educating them on what to expect when the Federal Government investigates you. He holds a BA in Economics from University of Michigan-Ann Arbor, regularly blogs at MichaelDaughtry.com, is Senior Writer for CyberDefense Magazine, and sits on the board of Snoopwall, a privacy company based in Nashua, New Hampshire. He is also a pilot and resides in Atlanta, Georgia.

The Administrative State can be tedious and difficult to understand, and when deciphered is often considered intentionally void of due process and fair notice. Michael J. Daugherty, CEO of LabMD, will expose the powers and behaviors of the Federal Trade Commission via his riveting story about his going battle with the FTC. The FTC has finally placed their cards on the table. Their verdict: If you have data that is exposed or vulnerable, but not hacked or breached, and without a single victim, you are violating the FTC Act. Mike will illustrate how far the FTC will go when challenged. Now landing at the US Court of Appeals, this landmark case is destined for the Supreme Court and will impact organizations large and small.

ABOUT STEVE GOLDSTEIN Steve Goldstein is a proven leader who has held executive positions with leading global brands, such as American Express (Chairman and CEO of American Express Bank), Sears (President of Sears Credit), and Citigroup, as well as several early-stage enterprises. He currently works in the private equity industry as a Senior Advisor with the consulting and advisory firm Alvarez & Marsal, serves as Chairman of US Auto Sales, serves as a Senior Advisor to Milestone Partners and an Industrial Advisor to EQT Partners (a global private equity firm based in Stockholm). He has also advised CEOs and private equity owners providing counsel on performance improvement with their companies in addition to acquisitions and merger integration opportunities. He has served on numerous boards, such as: American Express Bank, Jafra Cosmetics, Union Bancaire Privée, Pay-O-Matic and Big Brothers Big Sisters of NYC. Steve has been an investor, advisor, and interim CEO for more than 10 venture backed e-commerce companies. Steve holds a Bachelor’s degree from City University of NYC, and an MBA from NYU’s Stern School of Business. He lives in NYC. For more, visit www.sdgoldstein.com

Read More

28 Jul For FTC and LabMD, a turning point is reached with no endgame in sight

photo-1453945619913-79ec89a82c51-1
For FTC and LabMD, a turning point is reached with no endgame in sight (July 27, 2016) – LabMD Inc. CEO Michael Daugherty seems to be winning in the court of public opinion. Now all he has to do is win in federal court and at the Federal Trade Commission. For cybersecurity pros, the more important decision is the one the FTC is due to make July 28 after its original June 16 deadline was delayed “to give full consideration of the issues presented.” In the first FTC data breach case to go this far without settling, as some 60 other companies have done over the years, LabMD is challenging whether a minor data leak of dubious origins that led to no consumer harm is subject to the FTC’s authority.

Read more below:

 

MimFor FTC and LabMD, a turning point is reached with no endgame in sighte Attachment

Credit: Congressional Roll Call

Read More

24 Mar Cybersecurity Firm With A History Of ‘Corporate Blackmail’ Raided By The FBI

AAEAAQAAAAAAAAR-AAAAJDlmZTE0YWFiLTM4YTUtNGQ5Zi05Y2RhLThkMWFhZjg0YjY3OA

Sharing the latest from TechDirt

from the fate-of-CEO-Robert-‘Whitey’-Boback-currently-unknown dept

Cybersecurity is a crowded field. Not every competitor will make it. That’s inevitable. Tiversa is one of the also-rans.

Tiversa is helmed by Robert Boback. Back in 2009, Boback was already well-versed in the cybersecurity hard sell. Here’s what he had to say about P2P software in front of a Congressional audience — an audience well-versed in the art of selling fear to fund additional government products.

Boback showed off a document, apparently from a senior executive of a Fortune 500 company, listing every acquisition the company planned to make — along with how much it was willing to pay. Also included in the document were still-private details about the company’s financial performance. Boback also showed numerous documents listing Social Security numbers and other personal details on 24,000 patients at a health care system, as well as FBI files, including surveillance photos of an alleged Mafia hit man that were leaked while he was on trial.

Boback was stealthily pitching his company’s P2P monitoring service. During this hearing, he also claimed to have come across documents containing details about the President’s helicopter on an Iranian computer.

(more…)

Read More

11 Feb Fed officials: Hackers would start small on way to banking system

Jan. 16–Hackers looking to sabotage the U.S. banking system could break into larger companies by targeting smaller institutions, warn officials at the Federal Reserve in Boston, who have launched a pilot program to help thwart cyberattacks.

“We’re focused on the small and medium (banks) because they’re a great door into some of the larger organizations,” said Kenneth C. Montgomery, first vice president and chief operating officer at the Federal Reserve Bank of Boston, who joined fed President Eric Rosengren for a sit-down with Boston Herald editors and reporters yesterday.

(more…)

Read More

11 Jan Top 10 Influencers in Health InfoSec – Michael is number 6!

Michael is honored to be #6 on Healthcare Information Security’s List of Leaders!

Fourth Annual List of Healthcare Information Security Leaders

Reblogged from Healthcare Info Security
HealthcareInfoSecurity announces its fourth annual list of top influencers, recognizing leaders who are playing significant roles in shaping the way healthcare organizations approach information security and privacy.

(more…)

Read More