Most business executives – even corporate lawyers who have dealt with federal regulators – assume that organizations will be notified what local, state, and federal regulations they are expected to comply with, what standards they must meet, what they are expected to do, and to be notified if they are in violation of a statue or not. But what if there are no standards of compliance? Does the enforcing agency create such standards? When there are no standards in the laws they enforce, how can law enforcement do their jobs? How can federal regulators hold their constituents to the standard of regulation?
How Can One Define “Reasonableness” In Terms Of Cyber Security?
In the case of LabMD, the Federal Trade Commission exploited these assumptions by simply omitting the fact that the agency applied no standards other than “reasonableness”. Thus became the moving goal posts that federal agencies put into use on a case by case basis to enforce federal regulations.
Such ambiguity doesn’t concern most people because the proverbial tree doesn’t fall on most people. But imagine a federal law enforcement agency knocking on your door and saying, “We’re going to search everything and see if you are violating any federal regulations, and we’re not going to tell you what you did violate or what you have to do to stop violating it, and, if we don’t find a violation now, but decide something is a violation later, we can and will retroactively determine it to be a violation of federal regulations.”
That’s exactly what the FTC did in the case of LabMD. The agency did not admit that until the 11th Circuit Court oral arguments in 2017. That admission came only after 8+ years of reading the proverbial government regulation tea leaves. That admission ultimately led to the federal judge siding with LabMD, and clarifying that the FTC did act incorrectly. One of the reasons the FTC lost the LabMD case is that they had no standards of compliance. They didn’t communicate to their regulatory constituents any means nor standard of compliance.
Profiting From THE Confusion of federal regulations
This instance represents a certain level of anarchy, chaos. But those who make money off of the regulatory process – law firms, privacy advisors, compliance consultants – enjoy a certain level of anarchy and confusion, because confusion creates billable hours for them. In the end, the court ruled that everything the FTC alleged that LabMD did not do, the 11th circuit determined that LabMD did.
The decade that it took for these two contrasting statements to be reconciled in court should cause every business owner to pause. That means a regulator can come in and make things up as they go. And, because the cost to fight back against the federal government is so expensive, you’re under water unless you have a lot of tolerance, perseverance, and, most of all, money.
Regulation As A Business Expense
No law can be applicable unless the law is enforced. There’s no battle winnable if you’re not willing to fight. FTC and other federal regulators enforce their policies not on fair laws, but on the non-compliant companies’ desire to settle and make the whole thing go away. Eventually, for businesses with enough resources, such practices become a cost of doing business. There are no standards or rules for federal regulations. That may seem hard to believe, but the regulatory agencies’ intimidation racket is not going away any time soon.
This process is why big companies often become friendly with the government. The high cost of regulation and compliance has become a barrier to entry against smaller, more innovative companies. The larger the company, the more pro government they tend to become. Regulation becomes a barrier to entry, a protection against competition. The bureaucrats, lawyers, and regulators make money on regulation. Large companies simply build it into their budget as a cost of doing business.
Such practice destroys competition. However, most people don’t understand it because nobody wants to see the bloodbath that happens when you fight the government. While people may prefer to remain comfortably in their ignorance, silence doesn’t mean everything is ok.