In a closely watched data security case with significant implications for all enforcement actions, the United States Court of Appeals for the Eleventh Circuit struck down an FTC cease-and-desist order as impermissibly vague, providing a setback for FTC enforcement efforts. In this guest article, Buckley Sandler attorneys Elizabeth McGinn, Sasha Leonhardt and A.J. Dhaliwal explain the background of LabMD, Inc. v. FTC and the Eleventh Circuit’s decision, and provide lessons for companies examining their cybersecurity protections and data breach response programs. See “Lessons and Trends From FTC’s 2017 Privacy and Data Security Update: Enforcement Actions (Part One of Two)” (Jan. 31, 2018); Part Two (Feb. 14, 2018).