LabMD ruling should be a wake-up call for FTC data security enforcement

For another informed perspective on the impact of the initial decision in FTC v. LabMD, I’d strongly encourage this site’s readers to read Gus Hurwitz’s thought-provoking analysis and commentary on  Here’s a snippet:

… Judge Chappell had none of the FTC’s argument. “The term ‘likely’,” he tells us, “does not mean that something is merely possible. Instead, ‘likely’ means that it is probable that something will occur.” He bases this conclusion in part on available case law and prior FTC decisions. But he goes well beyond this, saying as well that “[i]f unfair conduct liability can be premised on ‘unreasonable’ data security alone, upon proof of a generalized, unspecified ‘risk’ of a future data breach, without regard to the probability of its occurrence, and without proof of actual or likely substantial consumer injury, then [the statutory standard provided in Section 5(n)] would not provide the required constitutional notice of what is prohibited.”

About the author: Dissent

Comments are closed.