Most companies facing a lawsuit from the Federal Trade Commission try to settle as quickly as possible.
Fighting the FTC means years of exhausting and expensive litigation. The commission doesn’t even have the authority to impose fines for most violations, so a settlement usually just means the company has to change its behavior, agree to some independent audits, and ride out the wave of negative news coverage. It’s an easy choice for most corporate executives.
But Michael Daugherty, the CEO of the Atlanta-based medical-testing facility LabMD, isn’t like most corporate executives. When the FTC began investigating his company for allegedly failing to protect thousands of sensitive patient records, he wasn’t going to just lie down.
“They had no idea who they were screwing with,” Daugherty said in an interview. He ignored the lawyers who urged him to strike a deal, and he vowed to stand up to the FTC, which he says is run by “professional bullies.”
Two and a half years after the FTC first sued LabMD, the legal battle is still raging, with neither side planning to back down anytime soon. And the stakes have only gotten higher. If Daugherty wins, the case could significantly curb the FTC’s authority to sue companies for sloppy data security. That would be a major blow to the federal government’s efforts to thwart hackers who are increasingly stealing massive amounts of information from banks, health insurers, retailers, and other companies.