No Judicial Review of FTC Jurisdiction until the Agency Takes a Final Action


Companies that handle personal data may need to litigate an FTC enforcement action to its conclusion before a court will review the Commission's jurisdiction to commence the enforcement action in the first place.

Earlier this year, the medical testing company LabMD sued the Federal Trade Commission in federal court to enjoinsuch an action based on the argument that the Commission lacked jurisdiction to regulate the data security practices of private entities already regulated by the Department of Health and Human Services under HIPAA. The court recently dismissed the suit without ruling on the question of the FTC's jurisdiction, holding that the Commission's order sustaining its enforcement proceeding was not a final agency action and therefore not ripe for review under the Administrative Procedures Act.

The FTC's stance that it has jurisdiction enjoyed a significant boost in April when a federal court in New Jersey held that the Commission could assert claims against private companies for inadequate data privacy and security practices under Section 5 of the FTC Act. See F.T.C. v. Wyndham Worldwide Corp., No. 12-1887 (D.N.J. Apr. 7, 2014). But LabMD presents a different case in that its data includes protected health information already subject to regulation by HHS under HIPAA. Also, the same judge who dismissed LabMD's federal-court case stated in an order issued during the FTC investigation of the company in 2012 that he found "significant merit" to the company's position that "Section 5 does not justify an investigation into data security practices and consumer privacy issues."

The evidentiary hearing on the FTC's complaint was held as scheduled before an administrative law judge last week, and no final order has been issued yet. Companies will want stay abreast of how LabMD's challenge to the Commission's authority is resolved once a court decides that the issue is ripe for review.

LabMD, Inc. v. F.T.C., No. 1:14-cv-00810-WSD (N.D. Ga. May 12, 2014)



DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Holland & Knight LLP | Attorney Advertising

Written by:


Holland & Knight LLP on:

Readers' Choice 2017
Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:

Sign up to create your digest using LinkedIn*

*By using the service, you signify your acceptance of JD Supra's Privacy Policy.

Already signed up? Log in here

*With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name. Or, sign up using your email address.