07 Nov LabMD Slams ‘Oppressive’ FTC Subpoenas in Data Breach Row
Law360, New York (November 06, 2013, 1:33 PM ET) — LabMD Inc. on Tuesday slammed the Federal Trade Commission over some three dozen third-party subpoenas it has issued in its ongoing investigation of alleged security breaches at the cancer diagnosis firm that the agency claims exposed the private medical information of thousands of consumers.
LabMD characterized the FTC’s move, which it said follows after years of discovery during which the firm has already submitted over 5,000 pages of documents since 2010, as an undermining tactic meant to harm its reputation and sap its financial resources, according to its motion for protective order filed Tuesday to an FTC administrative law judge.
The Atlanta-based company is represented by the Washington-based nonprofit Cause of Action, whose website says it “fights to protect economic opportunity when federal regulations … threaten it,” and which on Tuesday reiterated its challenge to the FTC’s authority to regulate data security practices.
“From the outset of the FTC’s investigation, the commission has exerted authority it does not have to punish a business that has done nothing wrong,” said COA Executive Director Dan Epstein. “COA has taken up this fight because the commission is abusing its power and destroying a small business, and it must be held accountable for demonstrations such as these burdensome subpoenas.”
The group identifies itself as nonpartisan, but Epstein, who founded the group in 2011, has in the past worked for billionaire libertarian Charles G. Koch’s foundation, which has funded various economic freedom nonprofits. A COA spokeswoman on Tuesday declined to identify its donors, citing privacy concerns.
The FTC brought its suit in August over an alleged data breach when Internet security firm Tiversa Holding Corp. took a LabMD patient information file and gave it to the FTC after LabMD turned down a business pitch by Tiversa, according to LabMD’s motion.
The FTC has claimed that that LabMD exposed the information of roughly 10,000 consumers in two instances: once when the billing information for thousands of consumers was found on a file-sharing network, and again when LabMD documents containing the private information of some 500 consumers were stolen by identity thieves, according to the agency.
LabMD, whose data security practices are regulated by the U.S. Department of Health and Human services, argues that HHS has never accused it of violating any such security requirements and that the FTC is merely retaliating for LabMD CEO Michael Daugherty’s scathing manifesto against the agency in his new book, “The Devil Inside the Beltway.”
“Nothing else explains why the FTC would issue more than 35 subpoenas at issue here,” LabMD said in its motion. “Instead of standing on the strength (or lack thereof) of its complaint, the FTC seeks to crush LabMD by using its vast resources to harass through abusive discovery tactics.”
LabMD is represented by Reed Rubinstein of Dinsmore & Shohl LLP and Michael D. Pepson of Cause of Action.
The case is In the Matter of LabMD Inc., docket number 9357, before the Federal Trade Commission.