Internet Law & Cyber-Security





11th Circuit Vacates FTC Order Against LabMD as Unenforceable

By Sara Beth A.R. Kohut, Young Conaway Stargatt & Taylor, LLP

The U.S. Court of Appeals for the Eleventh Circuit has vacated an order of the Federal Trade Commission (FTC) in an enforcement action that charged now-defunct medical laboratory LabMD, Inc. with having a security program that was so inadequate it constituted an “unfair act or practice” under the Federal Trade Commission Act. LabMD, Inc. v. FTC, No. 16-16270 (11th Cir. June 6, 2018). A LabMD billing employee had downloaded peer-to-peer file-sharing software on a computer, allegedly permitting external persons to access a file that contained personal information for 9,300 customers. An administrative law judge dismissed the FTC’s complaint, but the full Federal Trade Commission reversed on appeal, citing numerous security measures that LabMD failed to execute, and entered a cease-and-desist order that required LabMD to implement a reasonable security program.  

The court of appeals assumed arguendo that LabMD’s negligence in implementing a data security program was an unfair practice but found the FTC’s order was unenforceable. Rather than directing LabMD to stop committing a specific act, the order directed it to implement a security program that met an undefined standard of reasonableness. The order’s lack of specificity would require an enforcing court to micromanage LabMD’s business to the FTC’s satisfaction. While the order did not invalidate the FTC’s authority to regulate security, it is likely to change the level of detail the FTC will require in future enforcement orders.

Fourth Circuit Clarifies Standing Requirements in Data Breach Cases

