
In The News

Elizabeth McGinn Quoted in Legaltech News Article, "Lessons Companies Can Learn from the FTC's LabMD Decision on Data Security"

Elizabeth E. McGinn

Elizabeth McGinn was quoted in Ed Silverstein's Legaltech News article, "Lessons Companies Can Learn from the FTC's LabMD Decision on Data Security," on August 5, 2016. 

There is a good chance that the Federal Trade Commission's recent reversal of a decision by an administrative law judge on LabMD's data security practices will be appealed in court, according to attorneys familiar with the field. But in the meantime, and especially if the appeal is not successful, companies appearing before the FTC will likely have a higher bar to pass to prove data security.

The case centers around how LabMD, a clinical lab for physicians, allegedly failed to protect medical and other personal information of consumers. Between 2001 and 2014, LabMD collected sensitive personal information on over 750,000 patients.

In their ruling, the FTC commissioners contended that LabMD's practices were "unreasonable and constitute an unfair act or practice that violated Section 5 of the Federal Trade Commission Act," the agency said in a statement.

"The decision is most likely to be appealed to the U.S. Court of Appeals," Elizabeth McGinn, an attorney at Buckley Sandler, told Legaltech News.

LabMD has 60 days to file a petition with the federal appeals court, according to McGinn. In fact, she said this is the first appealable FTC opinion in a data security action.

McGinn pointed out that "the full commission reversed the administrative law judge's decision, holding that disclosure of sensitive personal information, in itself, caused consumer injury."

The administrative law judge had found that some personal consumer information was disclosed, but dismissed the case because the FTC "complaint counsel," the prosecutors in the case, did not show that the breach caused, or was likely to cause, substantial injury to consumers, McGinn explained.

However, the FTC held that the privacy harm from the disclosure of sensitive health or medical information is a substantial injury under Section 5, the FTC's unfairness authority, McGinn said.

Companies that have health and medical information do need to take note of the decision. "Companies should be aware of the importance of this decision," McGinn advised. "The decision centered around the harm from the unauthorized disclosure of sensitive health or medical information. As a result, there could be more of a focus by the FTC in what … are considered as sensitive health or medical information."
