FTC NIGHTTIME

FTC Commissioners’ Statements Become Factors in Wyndham and LabMD

Published On January 10, 2014 | By Stacey Brandenburg | Data Security, FTC, Litigation, Privacy

FTCDAYIt is common for practitioners seeking insight into the Federal Trade Commission’s priorities to read the remarks of FTC Commissioners like tea leaves, or to follow their statements like an installment of Downton Abbey or the Bachelor.  In two recent episodes, however, these statements have had a more direct impact on ongoing FTC data security cases, as parties have claimed that these remarks undermine the FTC’s litigation position or objectivity.  While these challenges may yield benefits for the parties in those particular cases, this trend may have a chilling effect, which may not be good news for companies that currently benefit from the guidance these statements can afford.  Then again, as we enter an era of increased administrative litigation with the FTC, it may be time that the Commissioners become more mindful of their roles as neutral decision-makers who will eventually hear appeals from administrative litigation, especially as they have been rarely been called upon to play that role in privacy or security matters to date.

The first episode involves a delay in the highly-anticipated ruling in FTC v. Wyndham Worldwide, Corp. (“Wyndham”).  The court in Wyndham will determine whether the Commission has authority under Section 5 to bring an action relating to data security, whether companies have received adequate notice of enforcement standards to meet due process requirements, and whether the complaint in the case was sufficiently detailed to state unfairness and deception claims.  As of mid-November, the parties had briefed and argued these issues and Judge Salas seemed poised to rule, most likely in the FTC’s favor.  However, Judge Salas agreed to delay her ruling to consider the import of comments that Commissioner Joshua D. Wright made during a Congressional subcommittee hearing in December 2013.  Although the hearing had focused on the FTC’s competition-related activity, subcommittee chairman Rep. Lee Terry and Commissioner Wright noted potential vagueness in the “unfairness” prong of the FTC’s Section 5 authority.  As the FTC is currently litigating this issue in Wyndham, the hotel company offered the Commissioner’s statements in support of their case.  Judge Salas ordered the parties to submit a joint letter-brief on this issue by January 21, 2014.

The second incident relates to the FTC’s complaint against LabMD, Inc., a medical testing company whose security practices the FTC alleged were unfair and deceptive.  LabMD refused to settle this action with the FTC, and the complaint proceeded to litigation before an FTC Administrative Law Judge whose findings eventually will be reviewed by the FTC Commissioners.

On Dec. 17, LabMD moved to disqualify Commissioner Julie Brill from reviewing the ALJ’s decision, arguing that Commissioner Brill referenced LabMD in two speeches, suggesting that she had prejudged this case.  The FTC responded, explaining that, although a citation to the LabMD administrative complaint appears as a single footnote in the written versions of the speeches, it does not provide any commentary on this case or suggest it had been decided.  Rather, the FTC explained, the reference is listed as one of several other complaints where the FTC “found reason to believe” that a company failed to use reasonable and appropriate security measures.  Despite disagreeing with LabMD’s motion, Commissioner Brill chose to recuse herself from review of the LabMD proceedings to prevent this ancillary issue from becoming a distraction.

For more information about the FTC’s enforcement actions, including those brought against LabMD case or Wyndham, please see our prior posts.

About The Author

Stacey Brandenburg

Stacey advises clients on a wide range of privacy and data security issues. A veteran of the Federal Trade Commission’s Division of Privacy and Identity Protection, Stacey assists clients in responding to FTC investigations involving potential violations of Section 5 of the FTC Act, the FTC’s advertising guidelines, and the Children’s Online Privacy Protection Act (COPPA). She also helps clients to implement sound security and privacy practices and provides compliance training to employees. Stacey is on the faculty at American University’s Washington College of Law, where she teaches on technology and privacy-related issues.

Comments