Issa: FTC is overreaching on its data security protection rules

Congressman Darrell Issa Rep. Darrell Issa, R-Calif., chairs the House Oversight and Government Reform Committee.

House Oversight and Government Reform Committee Chairman, Rep. Darrell Issa, R-Calif., took the Federal Trade Commission to task Thursday during a hearing that examined whether the agency was overstepping its boundaries in going after companies that have had data security breaches.

The hearing centered on a case currently being handled by the FTC, which charges an Atlanta-based cancer detection clinic, LabMD, failed to protect billing information of more than 10,000 customers. Republican committee members and the company’s CEO, Michael Daugherty, say the FTC was only alerted to this breach after cybersecurity firm Tiversa turned LabMD into the agency when it failed to pay Tiversa to fix the problem.


“All Americans should be outraged by the FTC’s unchecked ability to pursue a claim that is not based on any legal standard,” Daugherty said in his testimony before the committee. “If this can happen to LabMD, a cancer detection center, this can happen to anyone. This does nothing to help the constantly-changing cybersecurity landscape.”

Representatives from the FTC and Tiversa were not invited to attend the hearing.

Section 5 of the FTC Act states that the commission can protect against ”unfair or deceptive acts or practices in or affecting commerce.” Despite Daugherty’s claims, Woodrow Hartzog, an assistant professor at Stanford University who specializes in data privacy, said the FTC has operated judiciously within Section 5, despite the rule’s broad scope and undefined parameters when it comes to data security.

“Overall, the overwhelming pattern is that the FTC has acted conservatively, judiciously and consistently,” Herzog told the committee.

Issa saw it differently, saying the FTC is using its “regulatory authority not to help protect consumers but in fact to get simple consent decrees using the unlimited power it has to not only sue at government expense but to force you before administrative law judges.”


The hearing itself raised some eyebrows around Washington as the LabMD case has been put on hold after lawyers revealed earlier this year that the committee was looking into an immunity deal for a Tiversa executive in exchange for his testimony. It has also been revealed that a former Issa staffer is representing LabMD in the case.

Sen. Jay Rockefeller, D-W.Va., also weighed in prior to the hearing, sending Issa a letter Wednesday blasting him for getting involved in an ongoing case.

“While Congress obviously has an important role in government oversight, I believe you have overstepped your bounds in this instance,” Rockefeller wrote. “It is not appropriate for Congress to intervene in the midst of a trial and to adversely affect its proceedings, as you have done. The inappropriate timing and nature of your investigation are buttressed by the revelation that LabMD is being represented by a former member of your committee staff. This raises the question of whether LabMD directly sought your help and intervention in the legal process rather than take the risk of losing on the merits at trial.”

There has been no announcement as to when the FTC’s trial will resume.

Greg Otto

Written by Greg Otto

Greg Otto is Editor-in-Chief of CyberScoop, overseeing all editorial content for the website. Greg has led cybersecurity coverage that has won various awards, including accolades from the Society of Professional Journalists and the American Society of Business Publication Editors. Prior to joining Scoop News Group, Greg worked for the Washington Business Journal, U.S. News & World Report and WTOP Radio. He has a degree in broadcast journalism from Temple University.

Latest Podcasts