In an order released November 10 in LabMD, Inc. v. FTC, the Eleventh Circuit stayed the execution of an FTC data security enforcement order against LabMD Inc. pending the appellate court’s own ruling on whether the agency acted on an unreasonable interpretation of what security companies must provide. LabMD, Inc. v. FTC, No. 16-16270-D, Order Granting Stay (11th Cir. Nov. 10, 2016).
The FTC had ruled in July that LabMD’s data security practices violated the FTC Act, clarifying and expanding upon the FTC’s authority to regulate corporate data security practices. After an FTC administrative law judge denied LabMD’s request to stay enforcement until the medical company had exhausted its remedies on appeal, LabMD appealed to the Eleventh Circuit, which granted the stay in a unanimous decision.
Noting that the case turns upon whether the FTC’s interpretation of the FTC Act is reasonable, the Appellate cCourt granted the stay based on its finding that (i) “there are compelling reasons why the FTC’s interpretation may not be reasonable”; (ii) complying with the FTC’s Order would cause LabMD irreparable harm given its financial situation, (iii) there would be no substantial injury to other parties given that LabMD is no longer operating, and (iv) the public interest factor was neutral. The appeal will now proceed on the merits of LabMD’s arguments for reversal of the FTC’s enforcement order.