Was the FTC Duped on Data Breaches?
Sterling Miller
CEO, Three-Time General Counsel, Author, Keynote Speaker - currently CEO & Senior Counsel at Hilgers Graben PLLC.
Here is an interesting story from Reuters. It appears that the FTC relied heavily on a company called Tiversa regarding allegations of bad data practices by several American companies. But, Tiversa was allegedly shaking down these same companies to use its services and if the company refused to buy, Tiversa would falsify data and report the companies to the FTC - which then launched a number of investigations based on the bad information. Click here to read the full story.
"LabMD CEO Michael Daugherty said in an interview with Reuters that he is a victim of a Tiversa extortion scheme. The costs and distraction associated with the case had driven LabMD out of business, Daugherty said. He acknowledges that one of his employees, in violation of company policy, installed a filesharing software on her computer for her personal use.
But Daugherty said the issue harmed no patients. No one outside LabMD ever accessed the file, Daugherty said, and evidence of its spread was falsified by Tiversa. “What concerns me is the collaboration between the FTC and bad actors,” Daughterty said. “This case is not just about LabMD, it’s about every company contacted by the FTC.”
That testimony led FTC Chief Administrative Law Judge D. Michael Chappell to dismiss the case against LabMD last November, ruling that the evidence against the medical company was “unreliable, not credible, and outweighed by credible contrary testimony from Mr. Wallace,” according to court records."
It will be interesting to see where this goes and whether or not the FTC changes anything regarding how it uses and relies on information from companies like Tiversa. See also my legal blog, "Ten Things You Need to Know as In-House Counsel," including my post on data privacy essentials for in-house counsel.
CEO at P.I.N. - Payment Insurance Network
8 年I'm still trying to wrap my head around what happened with this case. Any allegations made by Tiversa to the FTC would have been disproven by the forensic analysis conducted and paid for by LabMD's cyber insurance carrier. From what I understand, LabMD did their own forensics which didn't hold much water in the eyes of the court as opposed to an independent third party analysis. This leads me to believe that they were not properly insured, which is a mismanagement issue. Had they been, they might still be around.
Retired; following US politics, HR, IT and other topics
8 年very troubling story, especially on top of the LabMD saga.