Date: 2016-07-29
WASHINGTON, July 29 - The U.S. Federal Trade
Commission said on Friday it had overruled an administrative
judge's dismissal of the commission's data security case against
cancer testing company LabMD.
In a statement, the FTC said its unanimous opinion, written
by Chairwoman Edith Ramirez, concluded that the administrative
judge had applied the wrong legal standard for unfairness.
"LabMD's security practices were unreasonable, lacking even
basic precautions to protect the sensitive consumer information
maintained on its computer system," Ramirez said.
In November, D. Michael Chappell, chief administrative law
judge for the FTC, ruled that the agency failed to prove LabMD
had harmed customers by mistakenly exposing a file of patient
data on a filesharing network.
The agency had successfully brought such cases against
dozens of companies, and the November ruling marked its first
defeat.
The FTC alleged in 2013 that poor security practices at
LabMD in 2008 had allowed a patient insurance file to spread
through the Limewire peer-to-peer filesharing network, which was
often used for downloading music.
Ramirez said in the opinion that LabMD had "failed to use an
intrusion detection system or file integrity monitoring;
neglected to monitor traffic coming across its firewalls;
provided essentially no data security training to its employees;
and never deleted any of the consumer data it had collected."
Medical and other sensitive information of 9,300 consumers
was exposed on a peer-to-peer network accessible by millions of
users, the opinion said. "LabMD then left it there, freely
available, for 11 months, leading to the unauthorized disclosure
of the information," it added.
