LabMD’s lack of data security measures resulted in the FTC Commission overturning an Administrative Law Judge (“ALJ”) decision that previously dismissed charges against the company in November. LabMD performed laboratory medical testing for over 750,000 patients since 2001, before going out of business in 2014, partly due to fighting this case. The FTC brought the action under Section 5 of the FTC Act, which prohibits “unfair or deceptive acts or practices in or affecting commerce.” An act that causes or is likely to cause substantial injury to consumers that is neither reasonably avoidable by consumers nor outweighed by countervailing benefits to consumers or competition may be deemed unfair.
The Federal Communication Commission’s (the “FCC”) landmark decision last year to reclassify Internet service providers (“ISPs”) as common carriers under Title II of the Communications Act of 1934 implicates policy issues that extend well beyond net neutrality. Perhaps chief among them is the treatment of customer proprietary network information (“CPNI”) by broadband access providers. The CPNI rules, which were adopted as part of the Telecommunications Act of 1996, were originally implemented to facilitate competition in the context of a landline telephone network, rather than address privacy concerns for broadband providers. Yet as part of the FCC’s Open Internet Order (which is currently under legal challenge), these rules apply to broadband as well.