United States Court of Appeals for the Eleventh Circuit
November 10, 2016, Decided
[*817] BY THE COURT:
LabMD's "Time Sensitive Motion to Stay Enforcement of the Commission's Final Order Pending Appeal, and for a Temporary Stay While the Court Considers the Motion" is GRANTED.
LabMD operated as a clinical laboratory from 2001 through early 2014. It received specimen samples for testing and reported the results to patients' physicians. As part of its business, LabMD received sensitive personal information for over 750,000 patients, which included their names, birthdates, addresses, and Social Security numbers, as well as certain medical and insurance information.
In 2005, LabMD's billing manager downloaded and installed a peer-to-peer file-sharing program called LimeWire on her work computer. She did this so she could download music and video files for her personal use. Unfortunately, LimeWire allows other users to search for and download any file that is available for sharing on a computer connected to the file-sharing [**3] program. The billing manager designated her "My Documents" folder on her computer as a folder from which files could be searched and downloaded. At the same time a file designated the "1718 file," which contained 1,718 pages of sensitive personal information for roughly 9,300 patients, including their names, birthdates, and Social Security numbers, was also in the billing manager's "My Documents" folder that was accessible through LimeWire.
In 2008, Tiversa Holding Company ("Tiversa"), a data security company, notified LabMD that it had a copy of the 1718 file. Tiversa employed forensic analysts to search peer-to-peer networks specifically for files that were likely to contain sensitive personal information in an effort to "monetize" those files through targeted sales of Tiversa's data security services to companies it was able to infiltrate. Tiversa tried to get LabMD's business in this way. Tiversa repeatedly asked LabMD to buy its breach detection services, and falsely claimed that copies of the 1718 file were being searched for and downloaded on peer-to-peer networks.
After LabMD declined to purchase Tiversa's services, Tiversa informed the Federal Trade Commission ("FTC") that LabMD [**4] and other companies had been subject to data breaches involving its customers' personal information in 2009. Tiversa's CEO instructed one of his employees to "make sure [LabMD is] at the top of the list" of companies that had suffered a security breach that was given to the FTC. Notably, Tiversa did not include any of its own current or former clients on the list. Tiversa hoped that the FTC would contact the companies on its list of those subject to security breaches, so those companies would feel pressured to purchase Tiversa's services out of fear of an FTC enforcement action.
678 Fed. Appx. 816 *; 2016 U.S. App. LEXIS 23559 **
LABMD, INC., Petitioner, versus FEDERAL TRADE COMMISSION, Respondent.
Prior History: [**1] Petition for Review of a Decision of the Federal Trade Commission.
In re LabMD, Inc., 2016 FTC LEXIS 181 (F.T.C., Sept. 29, 2016)
FTC, consumers, unfair, personal information, likely to cause, downloaded, irreparable, substantial injury, costs, pending appeal, dictionaries, practices
Civil Procedure, Entry of Judgments, Stays of Judgments, Appellate Stays, Antitrust & Trade Law, Federal Trade Commission Act, Scope, US Federal Trade Commission, Administrative Law, Judicial Review, Standards of Review, Deference to Agency Statutory Interpretation, Governments, Legislation, Interpretation, Injunctions, Grounds for Injunctions, Irreparable Harm