On July 28, the Federal Trade Commission ("FTC") issued a unanimous opinion holding that LabMD, Inc.'s data security practices were "unreasonable" and lacked "even basic precautions to protect the sensitive consumer information maintained on its computer system," constituting unfair practices under Section 5 of the FTC Act. Specifically, the FTC found that LabMD failed to protect its computer network or employ adequate risk assessment tools, failed to provide data security training to its employees, and failed to adequately restrict and monitor the computer practices of individuals using its network. The Final Order directs LabMD to undertake remedial measures and imposes a 20-year reporting requirement.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.