On June 7, U.S. Court of Appeals for the Eleventh Circuit set aside a cease and desist order imposed by the Federal Trade Commission on LabMD, Inc. The cease and desist order, rather than identifying “specific unfair acts or practices from which LabMD must abstain”, would have required the company to create and implement various protective measures that, in the court’s view, “would regulate all aspects of LabMD’s data security program”. In considering the issue of enforceability, the court notes that “the cease and desist order contains no prohibitions” but instead “commands LabMD to overhaul and replace its data-security program to meet an indeterminable standard of reasonableness.” Highlighting the “problems that enforcing the order would pose”, the court opines that “the prohibitions contained in cease and desist orders must be specific” or otherwise the “court is put in the position of managing [a company’s] business in accordance with [a regulator’s] wishes.”