In a recent blog post entitled “FTC Issues Final Order and Data Security Lessons in LabMD Case,” we discussed the Federal Trade Commission (“FTC”)’s Final Order in the LabMD case. The FTC found that LabMD failed to provide reasonable and appropriate security for its customers’ personal information and that this failure caused (or was likely to cause) substantial consumer harm constituting an unfair act in violation of the law. It ordered LabMD to implement a number of compliance measures, including creating a comprehensive information security program, undergoing professional routine assessments of that program, providing notice to any possible affected individual and health insurance company, and setting up a toll-free hotline for any affected individual to call. Although LabMD has closed its doors and has limited resources to comply with the FTC’s Final Order, it appealed the Final Order to the U.S. Court of Appeals for the Eleventh Circuit. At the same time, it sought a stay from the FTC, which would halt these compliance measures pending the court’s review. The FTC denied the stay, so LabMD then asked the Eleventh Circuit to grant the stay.
On November 10, 2016, the Eleventh Circuit granted LabMD’s motion to stay enforcement of the Final Order pending appeal. A copy of the court’s Order granting the stay is available here. When issuing the stay, the court found that there existed a serious legal question as to Continue reading