Lexis Nexis - Case Brief

Not a Lexis+ subscriber? Try it out for free.

Law School Case Brief

LABMD, Inc. v. FTC - 894 F.3d 1221 (11th Cir. 2018)


Section 5(n)15 U.S.C.S. § 45(n), of the Federal Trade Commission Act states, as a prerequisite for an act or practice to be unfair, the act or practice [1] causes or is likely to cause substantial injury to consumers [2] which is not reasonably avoidable by consumers themselves and [3] not outweighed by countervailing benefits to consumers or to competition.


Defendant LabMD is a now-defunct medical laboratory, which previously conducted diagnostic testing for cancer. It used medical specimen samples, along with relevant patient information, to provide physicians with diagnoses. Given the nature of its work, LabMD was subject to data-security regulations. Contrary to LabMD policy, a peer-to-peer file-sharing application called LimeWire was installed on a computer used by LabMD's billing manager. LimeWire is an application commonly used for sharing and downloading music and videos over the Internet. The billing manager designated the contents of the "My Documents" folder on her computer for sharing, exposing the contents to the other users. In August 2013, the Federal Trade Commission (FTC), following an extensive investigation, issued an administrative complaint against LabMD and assigned an ALJ to the case. The complaint alleged that LabMD had committed an "unfair act or practice.” After answering the FTC's complaint, LabMD filed a motion to dismiss it for failure to state a case cognizable under Section 5. The motion essentially replicated the assertions in LabMD's answer. Following a trial before an administrative law judge (ALJ), the Commission issued a cease and desist order directing LabMD to create and implement a variety of protective measures.


Was the FTC’s order unenforceable because it did not direct LabMD to cease committing an unfair act or practice within the meaning of Section 5(a)?




The FTC's order mandating a complete overhaul of the company's data-security program was unenforceable and vacated because, even assuming the company's failure to implement and maintain a reasonable data-security program constituted an unfair act or practice under Section 5(a)15 U.S.C.S. § 45(a), of the Federal Trade Commission Act, the FTC's cease and desist order did not enjoin a specific act or practice.

Access the full text case Not a Lexis+ subscriber? Try it out for free.
Be Sure You're Prepared for Class