Help

BI’s Article search uses Boolean search capabilities. If you are not familiar with these principles, here are some quick tips.

To search specifically for more than one word, put the search term in quotation marks. For example, “workers compensation”. This will limit your search to that combination of words.

To search for a combination of terms, use quotations and the & symbol. For example, “hurricane” & “loss”.

Login Register Subscribe

FTC has authority to police cyber security, court says

Reprints
FTC has authority to police cyber security, court says

(Reuters) — A U.S. appeals court said the Federal Trade Commission has authority to regulate corporate cyber security, and may pursue a lawsuit accusing hotel operator Wyndham Worldwide Corp. of failing to properly safeguard consumers' information.

Monday's 3-0 decision by the 3rd U.S. Circuit Court of Appeals in Philadelphia upheld an April 2014 ruling allowing the case to go forward, without ruling on the merits.

Noting the FTC's broad authority under a 1914 law to protect consumers from unfair and deceptive trade practices, Circuit Judge Thomas Ambro said Wyndham failed to show that its alleged conduct “falls outside the plain meaning of 'unfair.' ”

Wyndham brands also include Days Inn, Howard Johnson, Ramada, Super 8 and Travelodge. A spokesman said the Parsippany, New Jersey-based company is reviewing the decision.

Congress has not adopted wide-ranging legislation governing data security, a growing concerns amid high-profile breaches such as at retailer Target Corp., the infidelity website AshleyMadison.com, and even U.S. government databases.

The Wyndham case is a test of FTC power to help fill this void and police how companies protect against data breaches.

It arose from three breaches in 2008 and 2009 in which hackers broke into Wyndham's computer system.

These hackers stole credit card and other personal details from more than 619,000 consumers, leading to over $10.6 million in fraudulent charges.

The FTC sued Wyndham in June 2012, claiming that the company's computer systems unreasonably and unnecessarily exposed consumer data to the risk of theft.

Wyndham accused the FTC of overreaching, but U.S. District Judge Esther Salas in Newark, New Jersey refused to dismiss the case.

In upholding that ruling, Judge Ambro rejected Wyndham's argument that the company lacked “fair notice” that its practices fell short of what the FTC could require.

He also rejected what he called Wyndham's “alarmist” argument that letting the FTC regulate its conduct could give the agency effective authority to regulate hotel room door locks, or sue supermarkets that fail to sweep up banana peels.

“It invites the tart retort that, were Wyndham a supermarket, leaving so many banana peels all over the place that 619,000 customers fall hardly suggests it should be immune from liability,” Judge Ambro wrote.

The FTC did not immediately respond to requests for comment.

Read Next

  • FTC files lawsuit against Wyndham in data breach

    PHOENIX (Reuters)—U.S. regulators filed a complaint against Wyndham Worldwide Corp. and three subsidiaries on Tuesday, alleging that a failure to safeguard consumers' personal information had led to millions of dollars lost to fraud.