Two Federal Trade Commission lawyers should be shielded from liability for their roles in a data-breach case the agency brought against a medical device company, the U.S. Justice Department told a federal appeals court Thursday.
The agency lawyers, Alain Sheer and Ruth Yodaiken, who participated in the investigation of the now-defunct Atlanta company LabMD Inc., want the U.S. Court of Appeals for the D.C. Circuit to overturn a lower court ruling that exposed them to civil damages.
The underlying suit alleged the FTC lawyers “ramped up” a data security probe in retaliation against LabMD chief executive Michael Daugherty’s criticism of the agency’s investigation. An administrative law judge ruled for LabMD in the data case, but the full commission overturned that decision and found the company’s lax cybersecurity contributed to the exposure of nearly 10,000 patients’ personal information. LabMD, represented by Ropes & Gray, has an appeal pending in the Atlanta-based Eleventh Circuit, which heard argument on June 21.
At issue in the case in Washington is whether Sheer and Yodaiken should be held liable for their roles in the investigation and enforcement against LabMD. A federal trial judge said some claims against the two lawyers—for allegedly retaliating against Daugherty for speaking out—can move forward. Daugherty pursued claims under a 1971 Supreme Court case, commonly known as “Bivens,” that allowed constitutional claims against government officials.
“Recognizing a Bivens claim here would legitimize plaintiffs’ efforts to attack agency conduct they believe unwarranted through the vehicle of personal-liability lawsuits against individual staff,” Justice Department lawyers told the D.C. Circuit in a brief Thursday night. “The complaint in this case—as well as plaintiffs’ other lawsuits—makes clear that plaintiffs disagree with the commission’s ultimate decision to enforce the FTC Act against LabMD.”
The “other lawsuits” was a reference to Daugherty’s long push to thwart the FTC’s case against him and LabMD. He was largely unsuccessful in those efforts. Daugherty contends the FTC’s action against his company, for failing to secure patient data, forced him to shut down the business.
Daugherty also alleges the agency colluded with Tiversa, a Pittsburgh-based data security firm that came under congressional scrutiny in 2014 over accusations that it hacked a LabMD computer and tried to blackmail the company before turning to the FTC. Tiversa, which has also been accused of falsifying evidence of the LabMD patient file spreading online, has denied any wrongdoing.
Sheer and Yodaiken hope to find support from the U.S. Supreme Court ruling last term that shielded former top George W. Bush administration officials—including Robert Mueller III—from liability in a Sept. 11-related lawsuit. That suit alleged top Bush administration officials officials should be held liable for their roles in crafting and executing an unlawful detention scheme in the aftermath of the terror attacks.
The FTC adopted a new indemnity policy in July allowing the agency to cover the cost of any adverse judgments against staff sued over actions taken in their official capacities.
In a Federal Register notice, the FTC said the potential for a monetary judgment against any employee could “hinder the agency’s effectiveness as a law enforcement agency.” It added that other agencies, including the U.S Justice Department and U.S. Commodity Futures Trading Commission, afford their employees the same protection.