FTC told to disclose the data security standards it uses for breach enforcement
The Federal Trade Commission (FTC) can be compelled to disclose details of the data security standards it uses to pursue enforcement action against companies that suffer data breaches, the agency's chief administrative law judge ruled Thursday.
The decision came in response to a motion filed by LabMD, a now-defunct medical laboratory that has been charged by the FTC with unfair trade practices for exposing sensitive information belonging to 10,000 patients in 2010.
LabMD has accused the FTC of holding it to data security standards that do not exist officially at the federal level. It has maintained that the agency must publicly disclose the data security standards it uses to determine whether a company has reasonable security measures in place.