The U.S. Federal Trade Commission (FTC) has dropped its data-breach case against LabMD following admission by the agency’s own administrative law judge that it had failed to prove that the company harmed customers by mistakenly exposing patient data on a file sharing network.
It’s possible the “FTC will look at it in context and say ‘maybe we need to be more thoughtful in the future’ and say ‘maybe we do need a higher level of proof,’” said Jim Harvey, co-leader of Alston & Bird’s Privacy & Data Security Group.
He also said the complexities of cybersecurity and lack of definition over what constitutes good security creates a circumstance where regulators can be doing more harm than good.
“The FTC and other agencies that seek to enforce these laws sometimes create the regrettable circumstance where the company is victim twice,” he said, noting that companies are punished that have already been hacked.
It’s possible the “FTC will look at it in context and say ‘maybe we need to be more thoughtful in the future’ and say ‘maybe we do need a higher level of proof,’” said Jim Harvey, co-leader of Alston & Bird’s Privacy & Data Security Group.
He also said the complexities of cybersecurity and lack of definition over what constitutes good security creates a circumstance where regulators can be doing more harm than good.
“The FTC and other agencies that seek to enforce these laws sometimes create the regrettable circumstance where the company is victim twice,” he said, noting that companies are punished that have already been hacked.