Eleventh Circuit Finds FTC Overreached on Cybersecurity Measures
A federal Court of Appeals has determined the Federal Trade Commission's (FTC) order directing a medical laboratory to create and implement a variety of protective cybersecurity measures was unenforceable. The Eleventh Circuit ruled the FTC engaged in overreaching when it ordered LabMD to implement a comprehensive data security plan in the wake of a breach. The plan lacked an FTC directive to enjoin any specific act or practice and instead held LabMD to an indeterminable standard of reasonableness in replacing its current data security program.