In the latest chapter of the ongoing battle between the FTC and LabMD, Inc. (“LabMD”) about the FTC’s claim that LabMD violated the FTC Act’s Section 5 bar on “unfair” acts or practices because of its allegedly inadequate data security practices, an administrative law judge overseeing the FTC’s administrative action against LabMD recently issued two discovery orders. These discovery orders may, at least to some extent, force the FTC to outline its sometimes opaque standards for data security.

The first decision addressed LabMD’s request for an order compelling the FTC’s designated witness to answer deposition questions about the “data security standards” the FTC “has published and intends to use at the [h]earing” in the case to prove LabMD’s “data security was inadequate.” The FTC objected to allowing such testimony, arguing that prior orders in the case barred LabMD from asking for this testimony. The administrative law judge rejected this argument. The administrative law judge acknowledged that he had previously barred discovery regarding the legal standards the FTC used or was using to decide when an “entity’s data security practices are unfair under Section 5[.]” But, he noted, he had not barred discovery about related factual matters, including “what data security standards have been published by the FTC” that the FTC intended to rely on “at trial to demonstrate [LabMD’s] data security practices were inadequate.”

In the second, similar decision, the administrative law judge also refused to grant a Motion in Limine to preclude trial testimony from Daniel Kaufman, Deputy Director of the Bureau of Consumer Protection. The FTC argued that LabMD only wanted Mr. Kaufman to testify “on the standards the Commission has used in the past and is using currently to determine whether an entity’s data security practices violate Section 5 of the” FTC Act. LabMD responded that, at an earlier deposition it did not – and does not in the future plan to – ask Mr. Kaufman about the FTC’s legal standards, such as the “reasonableness” standard. Instead, LabMD argued that it was only inquiring about “the FTC’s data security standards, if any[,]” presumably referring to factual standards. The administrative law judge ultimately ruled that Mr. Kaufman could testify about relevant, admissible issues without running afoul of prior discovery orders regarding “legal standards for enforcing Section 5.” 

For additional information about LabMD’s battle with the FTC, please see our prior posts, "FTC Denies LabMD’s Motions to Stay Pending Administrative Action," "Kim Peretti and Dominique Shelton Quoted in 'Privacy Cases to Watch in 2014,'” "FTC Denies LabMD’s Motion to Dismiss" and "LabMD’s Federal Court Actions Against the FTC Dismissed."