The Eleventh Circuit recently issued a long awaited ruling in the LabMD case. It narrowly ruled that FTC’s order to LabMD – to cease and desist its prior practices and revise and replace its data security program – was not specific enough. Because of this ruling, National Law Review anticipates more specific orders from the commission.
FTC had gone after a cancer detection facility that suffered a data breach, criticizing the company for lax data security and issuing a broad requiring changes to the company’s systems. LabMD took the unusual measure of challenging the order, on both substantive and procedural grounds.
The case was eventually appealed to the Eleventh Circuit, which chose not to address various key issues, such as what type of injury is cognizable when it comes to data breaches, and what type of notice the FTC must provide.