FTC’s Role As Cybersecurity Cop Challenged In Court

A medical testing lab is challenging the FTC’s enforcement action following the Commission’s determination that the lab had been lax in its cybersecurity. The FTC in July found that the company had put consumers at risk, and it ordered, among other things, that the company tell consumers about those problems and adopt a plan to correct them. The lab’s appeal questions whether the FTC can enforce security standards, particularly when the alleged security shortcomings did not result in identifiable harm to consumers. According to McGuireWoods attorneys, writing on the firm’s “Password Protected” blog, this case “is poised to become a major driver of data security practices because it reveals the FTC’s expectations regarding reasonable data security practices and, if upheld, would solidify the FTC’s authority to enforce such actions.”