The U.S. Court of Appeals for the Eleventh Circuit has ordered the FTC to halt enforcement of its data security order against LabMD while LabMD challenges the action.

To recap the events leading up to this stay, a data security company allegedly obtained sensitive data from LabMD via a peer-to-peer file-sharing program.  Allegedly, after LabMD refused to purchase the company’s security products, it reported the alleged data security vulnerability to the FTC. The FTC accused LabMD of unfair practices in failing to provide reasonable and appropriate security for customers’ personal information, which was allegedly likely to cause harm to customers. In 2015, an Administrative Law Judge dismissed the case, finding that the FTC failed to prove LabMD’s practices were likely to cause substantial customer injury. In July 2016, upon appeal to the full Commission, the FTC reversed the ALJ decision. Although LabMD stopped operating in 2014, the FTC nevertheless ordered LabMD to implement several information security compliance measures because the Lab still maintains medical records. LabMD appealed to the Eleventh Circuit and filed a motion to stay the FTC’s order.

(more…)