LabMD, Inc., which has been challenging the Federal Trade Commission’s authority to enforce data security standards on two fronts, finally won a skirmish with its nemesis.  An Administrative Law Judge granted the company’s motion to compel testimony from the Commission regarding the “data security standards” that it “has published and intends to use” to prove that LabMD’s data security was not “reasonable and appropriate.”  Of course, the FTC has never published any such standards, which is one of the reasons LabMD argues the FTC lacks a valid legal basis to go after companies it thinks have inadequate data security.  LabMD is surely hoping that having the FTC acknowledge on the record that it does not actually have “data security standards” will underscore – for the ALJ, for courts, for Congress, and the public – LabMD’s contention that the FTC is acting as a lawless bully.