Imagine you’re a CEO whose IT systems and client data have been breached. The FTC then files a complaint against you, but when you try to find out exactly what you must do to meet federal regulations, you run into the brick wall that is federal bureaucracy, not to mention the nebulous, costly world of regulations. This is exactly what’s happened to Michael Daugherty, CEO of LabMD, who has written a book about it called “The Devil Inside the Beltway.” As the Triangle Business Journal reports, Daugherty was part of a recent event held by TechFreedom and Cause of Action. Here’s what this CEO is facing:

FTC investigation: In 2010, the FTC sent LabMD a letter asking the company about its data security practices, and the company sent the agency “a dump truck” of documents, Daugherty said. It invited FTC investigators to come to Atlanta for an on-site visit, and they declined, he said. Daugherty then flew to Washington, “where I felt like I was on an episode of CSI.” The agency couldn’t tell him the data security standards that businesses were supposed to meet — instead it just pointed to previous consent agreements, where companies agreed to implement a comprehensive information security program and have that evaluated every two years by an outside expert for the next 20 years.

Why LabMD refused to sign a consent agreement: Daugherty said LabMD was more than willing to comply with data security standards, but it needed to know what those standards are. The FTC, he said, was making them up as it went along. “That was a problem for us,” he said. Plus, he felt his company’s reputation was at stake.

This country’s regulatory web is vast and complex. Compliance is costly and time-consuming – and the FTC’s actions in Mr. Daugherty’s case only make things tougher for his company.

Here in North Carolina, thankfully, the legislature is taking steps to rein in regulatory overreach.