Eleventh Circuit Rules FTC’s Data Security Cease and Desist Order Against LabMD Is Unenforceable

Eleventh Circuit Rules FTC’s Data Security Cease and Desist Order Against LabMD Is Unenforceable

In its June 6, 2018 decision, the Eleventh Circuit concluded that the Federal Trade Commission’s (“FTC”) Final Order against LabMD lacked adequate specificity and therefore was unenforceable. The Eleventh Circuit had previously issued a stay of enforcement of the FTC’s Final Order – as reported by this blog on November 16, 2016  – which had concluded that LabMD’s data security practices were “unreasonable” and constituted an “unfair” business practice in violation of Section 5 of the Federal Trade Commission Act (“FTC Act”), 15 U.S.C. §45(a) and (n). The FTC initiated an enforcement action against LabMD in August 2013, alleging that LabMD, which operated as a clinical laboratory testing center, failed to implement reasonable data security measures to protect patients’ sensitive personal information. LabMD’s alleged data security failures allowed an employee to install and maintain file-sharing software on a work-related computer for a period of at least three years, which allowed exposure of patient information on a peer-to-peer network accessible daily by millions of users. In July 2016, and on appeal following a hearing before an Administrative Law Judge, the FTC concluded that LabMD’s failures had caused, and were also likely to cause, substantial consumer injury, including identity theft and medical-identity...

Third Circuit Holds Agreement to Arbitrate in Illusory Forum Is Unenforceable

Third Circuit Holds Agreement to Arbitrate in Illusory Forum Is Unenforceable

The Third Circuit Court of Appeals recently held, in a precedential decision, that when parties enter an agreement directing them to arbitrate in an illusory forum, the forum selection clause is not severable and the entire agreement to arbitrate is unenforceable. In MacDonald v. CashCall, Inc. et al., a plaintiff brought suit on behalf of himself and a putative class, alleging a loan agreement between the parties was unconscionable and usurious. The agreement at issue included “(1) a provision requiring that all disputes be resolved through arbitration conducted by a representative of the Cheyenne River Sioux Tribe (‘CRST’) and (2) a clause that delegates questions about the arbitration provision’s enforceability to the arbitrator.” The defendants moved to compel arbitration. The district court declined to compel arbitration because the agreement at issue expressly disavowed federal and state law, thus rendering the arbitration provisions invalid as an impermissible prospective waiver of federal and state statutory rights. The district court further held that the arbitration agreement was unenforceable because the forum was illusory, as the selected forum did not conduct arbitrations or have rules for conducting arbitrations. The Third Circuit affirmed the district court’s conclusion that the loan agreement’s arbitration provision cannot direct...