11th Circuit’s Stay Suggests that the FTC’s Final Order Against LabMD May Itself be “Unfair” and “Unreasonable”

As reported on this blog on September 27, 2016, the FTC issued a Final Order holding that LabMD’s data security practices were “unreasonable” and constituted an “unfair” business practice in violation of Section 5 of the Federal Trade Commission Act (“FTC Act”), 15 U.S.C. §45(a) and (n). The findings were a clear signal of the FTC’s expanding efforts to regulate data security and to incentivize companies handling sensitive data to implement and maintain strong data security practices. On Thursday, November 10, 2016, the 11th Circuit stayed enforcement of the FTC’s Final Order pending a full hearing and final decision on LabMD’s appeal, and called into question the validity of the FTC’s conclusions as to what may constitute an actionable “privacy harm” following a data security breach.