Michael Daugherty, owner of LabMD, outside the U.S. Federal Trade Commission building. (Photo: Diego M. Radzinschi/ ALM)Former LabMD Chief Who Beat FTC at 11th Circuit Turns His Experience to Cybersecurity
Michael Daugherty has launched a series of programs bringing together lawyers, security experts and corporate executives to promote cybersecurity strategies.
January 23, 2019 at 02:23 PM
5 minute read
Michael Daugherty spent years wrangling with the Federal Trade Commission over a 2008 data breach at his now-defunct company LabMD before finally defeating the agency after the U.S. Court of Appeals for the Eleventh Circuit ruled the FTC overstepped its authority in ordering sweeping and largely undefined remedial measures.
That five-year fight isn't over: Daugherty and LabMD—which still exists as a corporate entity—are still embroiled in litigation, including a $1.7 million attorney fee request he filed against the FTC to recoup his fees at the Eleventh Circuit.
But Daugherty also is using the knowledge and contacts he's made over the years to help head off online data pirates, founding a cybersecurity foundation that held its first event in Atlanta on Tuesday as the city braces for the Super Bowl and what speakers said are the inevitable attacks that come with it.
“It's not a matter of 'if.' We know there are going to be attacks,” said Daugherty, who put together a panel of lawyers, corporate executives and security professionals to address 100 or so attendees at the daylong Cyber Culture workshop at the Atlanta Tech Village.
“The word 'cybersecurity' scares executives, but it has to be addressed legally and functionally,” Daugherty said in an interview. “The best defense is always a good offense.”
Daugherty—who is neither a lawyer nor a security expert—said his own experience of having his once-successful cancer-testing company hacked and subsequently targeted by the FTC led him to launch the Cyber Education Foundation last year.
“I'm not a cybersecurity expert from the tech side,” said Daugherty. “I'm doing what I do best. Just like I brought the best physicians together for LabMD, I'm bringing the best experts I can find to talk about the law and security.”
Douglas Meal with Orrick in Boston.
Among the speakers was Boston-based attorney Douglas Meal, who recently left Ropes & Gray to join Orrick, Herrington & Sutcliffe and who argued Daugherty's successful appeal at the Eleventh Circuit.
Meal is also a specialist in cybersecurity, and his presentation emphasized the legal strategies and liabilities companies should use in preparing a security strategy.
A data breach may result in blame being cast toward a company's information systems, so good use should be made of outside security assessments, Meal said. At the same time, those assessments can be used by investigating agencies like the FTC or third parties, to target companies working through the aftermath of a data breach.
“When you have an event, one of their first requests is, 'Please provide all your assessments,'” Meal said.
Meal added half the cases he's handled involving data-breach investigations are built on a company's security assessments.
“I would think long and hard about having assessments done under attorney-client privilege,” said Meal, because “that's not a document you have to turn over to an adversary.”
Companies should also be wary of issuing sunny overviews of their security procedures.
“Time and again, what hangs up regulators is not bad security but deceptive statements,” Meal said.
Most important is having a relatively simple security plan in case of a data breach and making sure everyone is on board with it, Meal said.
“A lot of time the plans don't include the GC, CEO or the board,” he said. “Those are the people who make the decisions.”
“In real life, an event occurs, the plan comes out, and the GC or CEO says, 'No, we're not going to do that.' It happens all the time,” Meal said.
In the meantime, he said, damage is ongoing, and what might have been a breach of 10,000 records can snowball into a million or more.
“Every day you have your head in the sand, the event continues,” he said.
Kate Kuehn, the CEO of cybersecurity platform company Senseon's United states division, said in an interview that Atlanta is in a sense more prepared for the Super Bowl in February because of last year's ransomware attack that shut down city computers for several days.
“The idea that Atlanta went through a major breach could be considered a major prep test,” Kuehn said.
Whether it's the Super Bowl, World Series or a major soccer event, said Kuehn. “Whenever you have a large number of people gathering, you'll have a lot of others trying to cause chaos and havoc.”
This content has been archived. It is available through our partners, LexisNexis® and Bloomberg Law.
To view this content, please continue to their sites.
Not a Lexis Subscriber?
Subscribe Now
Not a Bloomberg Law Subscriber?
Subscribe Now
NOT FOR REPRINT
© 2025 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.
You Might Like
View All
'A Fierce Battle of Expert Witnesses' Expected in Cybersecurity Spat
14-State Coalition Sues TikTok, Alleging Addictive Algorithms Trigger Mental Health Harms in Adolescents
Trending Stories
- 1Stevens & Lee Names New Delaware Shareholder
- 2U.S. Supreme Court Denies Trump Effort to Halt Sentencing
- 3From CLO to President: Kevin Boon Takes the Helm at Mysten Labs
- 4How Law Schools Fared on California's July 2024 Bar Exam
- 5'Discordant Dots': Why Phila. Zantac Judge Rejected Bid for His Recusal
Who Got The Work
Michael G. Bongiorno, Andrew Scott Dulberg and Elizabeth E. Driscoll from Wilmer Cutler Pickering Hale and Dorr have stepped in to represent Symbotic Inc., an A.I.-enabled technology platform that focuses on increasing supply chain efficiency, and other defendants in a pending shareholder derivative lawsuit. The case, filed Oct. 2 in Massachusetts District Court by the Brown Law Firm on behalf of Stephen Austen, accuses certain officers and directors of misleading investors in regard to Symbotic's potential for margin growth by failing to disclose that the company was not equipped to timely deploy its systems or manage expenses through project delays. The case, assigned to U.S. District Judge Nathaniel M. Gorton, is 1:24-cv-12522, Austen v. Cohen et al.
Who Got The Work
Edmund Polubinski and Marie Killmond of Davis Polk & Wardwell have entered appearances for data platform software development company MongoDB and other defendants in a pending shareholder derivative lawsuit. The action, filed Oct. 7 in New York Southern District Court by the Brown Law Firm, accuses the company's directors and/or officers of falsely expressing confidence in the company’s restructuring of its sales incentive plan and downplaying the severity of decreases in its upfront commitments. The case is 1:24-cv-07594, Roy v. Ittycheria et al.
Who Got The Work
Amy O. Bruchs and Kurt F. Ellison of Michael Best & Friedrich have entered appearances for Epic Systems Corp. in a pending employment discrimination lawsuit. The suit was filed Sept. 7 in Wisconsin Western District Court by Levine Eisberner LLC and Siri & Glimstad on behalf of a project manager who claims that he was wrongfully terminated after applying for a religious exemption to the defendant's COVID-19 vaccine mandate. The case, assigned to U.S. Magistrate Judge Anita Marie Boor, is 3:24-cv-00630, Secker, Nathan v. Epic Systems Corporation.
Who Got The Work
David X. Sullivan, Thomas J. Finn and Gregory A. Hall from McCarter & English have entered appearances for Sunrun Installation Services in a pending civil rights lawsuit. The complaint was filed Sept. 4 in Connecticut District Court by attorney Robert M. Berke on behalf of former employee George Edward Steins, who was arrested and charged with employing an unregistered home improvement salesperson. The complaint alleges that had Sunrun informed the Connecticut Department of Consumer Protection that the plaintiff's employment had ended in 2017 and that he no longer held Sunrun's home improvement contractor license, he would not have been hit with charges, which were dismissed in May 2024. The case, assigned to U.S. District Judge Jeffrey A. Meyer, is 3:24-cv-01423, Steins v. Sunrun, Inc. et al.
Who Got The Work
Greenberg Traurig shareholder Joshua L. Raskin has entered an appearance for boohoo.com UK Ltd. in a pending patent infringement lawsuit. The suit, filed Sept. 3 in Texas Eastern District Court by Rozier Hardt McDonough on behalf of Alto Dynamics, asserts five patents related to an online shopping platform. The case, assigned to U.S. District Judge Rodney Gilstrap, is 2:24-cv-00719, Alto Dynamics, LLC v. boohoo.com UK Limited.
Featured Firms
Law Offices of Gary Martin Hays & Associates, P.C.
(470) 294-1674
Law Offices of Mark E. Salomone
(857) 444-6468
Smith & Hassler
(713) 739-1250
