The Federal Trade Commission has decided to put off until late July a decision about whether to overturn a ruling by the agency’s chief administrative law judge in the closely watched data security action against LabMD, the Atlanta-based medical detection firm.  In a one-paragraph order issued late yesterday, the Commission extended the deadline for decision until July 28th “in order to give full consideration to the issues presented by the appeal in this proceeding.”

On March 8, 2016, three of the FTC’s commissioners, Chair Edith Ramirez, Terrell McSweeny and Maureen Ohlhausen, heard oral argument on the appeal.  Under the agency’s procedures, the Commission ordinarily has 100 days from oral argument to issue its ruling.

At issue in the LabMD appeal is the scope and trigger for an enforcement action under Section 5 of the FTC Act, the primary statutory authority for Commission action.  In November 2015, the agency’s Chief Administrative Law Judge, D. Michael Chappell, in a sharply worded 92-page Initial Decision, dismissed the agency’s case against LabMD, holding that the agency failed to carry its burden under Section 5’s unfairness prong because there was no evidence that consumers – patients whose lab work was performed by LabMD – had suffered harm.  The case focuses on an alleged data incident involving a peer-to-peer file sharing program that was discovered on a computer in LabMD’s accounting department but there was no evidence that any patient information was compromised.