The Court of Appeals for the Eleventh Circuit has vacated an administrative order by the Federal Trade Commission, which required the medical testing company LabMD to implement "reasonable" data security measures, finding that the order was not specific enough to be enforceable. The court explained that the FTC can require companies to implement data security measures as long as it provides specific guidance. EPIC has repeatedly urged the FTC to mandate specific data security requirements in consumer privacy settlements, including in comments on recent settlements with Uber and PayPal. EPIC also submitted an amicus brief in FTC v. Wyndham, a case in which the Third Circuit Court of Appeals upheld the FTC's authority to enforce data security standards.
Share this page:
Subscribe to the EPIC Alert
The EPIC Alert is a biweekly newsletter highlighting emerging privacy issues.