Three judges of the 11th Circuit Court of Appeals last week granted LabMD’s request to stay enforcement of the Federal Trade Commission's decision against LabMD from August, according to Tech Policy Daily.
The court indicated it is "skeptical of the FTC’s underlying theory" about its decision to force the now-defunct company to conduct a number of activities to shore up cybersecurity that the company estimates would cost it about $250,000. The judges said LabMD would be "irreparably harmed" if forced to obey the FTC’s order.
The FTC has pushed for LabMD to take extensive measures to secure customer data secured on its computers.
The move may call into questions the FTC's self-proclaimed role of ensuring companies maintain data security measures to protect customers.
The FTC began investigating LabMD for allegedly failing to protect thousands of patient records because of lacking cybersecurity practices. Last November, administrative law judge D. Michael Chappell dismissed FTC charges against LabMD, saying that the agency had overstepped its authority. In August, the FTC reversed the administrative law judge's decision.
Over the past decade the FTC has established itself as the government’s chief cybersecurity enforcer, suing LabMD and several other entities, including Wyndham Hotels, on similar grounds. But LabMD has challenged the FTC’s authority to police cybersecurity shortcomings.
LabMD's CEO and others had said Congress did not give explicit directions for the agency to go after companies with weak cybersecurity. The 11th Circuit’s order is an indication that the FTC may not have as broad authority to protect consumers from data mismanagement as it has claimed.