No harm, no foul? Not according to the FTC.

On July 29, 2016, the Commission held that a showing of tangible injury was not necessary in order for company acts and practices to be considered unfair. The case, In the Matter of LabMD, Inc., arose after a data security company accessed and downloaded a file from a former medical testing company, LabMD. The file contained 1,718 pages of personal information belonging to approximately 9,300 consumers, including names, addresses, dates of birth, social security numbers and medical information. The FTC’s ruling overturned a prior decision by Chief Administrative Law Judge D. Michael Chappell, who had found that LabMD’s supposed failure to institute reasonable data security measures was not likely to cause substantial injury to consumers.