WASHINGTON (Legal Newsline) — The Federal Trade Commission (FTC) has announced an opinion and final order reversing an Administrative Law Judge (ALJ) initial decision that dismissed FTC charges against LabMD Inc. The reversal means LabMD’s data security practices were allegedly unreasonable and constitute an unfair act violating the FTC Act.
The company had purportedly failed to protect the sensitive personal information of consumers. The FTC charged, between 2001 and 2014, LabMD collected medical information for more than 750,000 patients and did not keep the information safe – applying unreasonable practices that lacked even basic precautions to protect consumer information.
“Among other things, it failed to use an intrusion detection system or file integrity monitoring; neglected to monitor traffic coming across its firewalls, provided essentially no data security training to its employees, and never deleted any of the consumer data it had collected,” chairwoman Edith Ramirez wrote in the FTC’s unanimous opinion.
The FTC concluded the company’s failures meant millions of users could authorize the sensitive information of 9,300 consumers on a peer-to-peer network.
“LabMD then left it there, freely available, for 11 months, leading to the unauthorized disclosure of the information,” the FTC said.