The Federal Trade Commission (FTC) issued its opinion and final order against LabMD, Inc. which concluded that LabMD’s data security practices constituted an unfair act or practice within the meaning of Section 5 of the FTC Act 1914. The Decision consequently reverses the earlier Administrative Law Judge’s (the ALJ) ruling, which held that the FTC failed to prove that LabMD did not employ ‘reasonable and appropriate’ data security measures, which ’caused, or [was] likely to cause, substantial injury to consumers,’ as alleged. “The Decision is another example of the FTC’s intent to exercise its authority very broadly, in terms of the types of organisations that fall within its scope, the personal data covered, and the safeguards that must be in place to protect the data,” said Joan Antokol, Partner at Park Legal LLC.