A Legal Guide to PRIVACY AND DATA SECURITY 2024

On July 28, 2016, the ALJ’s decision was reversed. The court found that LabMD’s inadequate data security practices constituted an unfair practice in and of themselves, and therefore were a violation of Section 5 of the FTC Act. LabMD was ordered to notify all affected consumers, establish a comprehensive information security program, and obtain regular independent assessments of its data security practices. LabMD appealed this ruling, and the 11th Circuit Court of Appeals stayed the FTC’s enforcement action pending oral arguments in the appeal which took place in June 2017. During oral arguments, a panel of judges questioned the nebulous nature of the FTC’s guidance on data security practices and urged the FTC to engage in rulemaking so that companies would know “that they’re violating what they’re violating.” The 11th Circuit eventually held that the FTC’s order was unenforceable as it “does not enjoin a specific act or practice. Instead, it mandates a complete overhaul of LabMD’s data-security program and says precious little about how this is to be accomplished.” The results of this appeal may impact how the FTC takes action against companies whose data security practices it deems insecure. The FTC may need to more specifically tailor and narrow their guidance on data security practices for those orders to be enforceable. Dental Practice Provider Settles FTC Charges. On January 5, 2016, Henry Schein Practice Solutions, Inc., a provider of office management software for dental practices, agreed to pay $250,000 to settle FTC charges that it falsely advertised the level of encryption it provided to protect patient data. Deceptive Advertising. The FTC Act also governs deceptive practices in advertising, including direct-mail communications. The Act requires businesses to use truth-in-advertising, meaning that: 1) the advertising must be truthful and not deceptive; 2) the advertisers must have evidence to back up their claims; and 3) the advertising must be fair, or not likely to cause substantial consumer injury. In determining whether an advertisement meets these criteria, the FTC will consider both the

32

Made with FlippingBook - Online Brochure Maker