On June 6, 2018, the Court of Appeals for the Eleventh Circuit vacated the FTC's order directing a laboratory services company to implement a variety of data security measures. The FTC's initial order followed an investigation into the alleged exposure of 9,300 consumers' personal information on a file-sharing site. On appeal, the Eleventh Circuit found the order unenforceable because it "does not enjoin a specific act or practice" and instead mandates a "complete overhaul" of the company's data security program without sufficient specificity.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.