FTC has Authority to Police Cybersecurity

August 24, 2015

A U.S. appeals court said the Federal Trade Commission has authority to regulate corporate cybersecurity, and may pursue a lawsuit accusing hotel operator Wyndham Worldwide Corp of failing to properly safeguard consumers' information.

The decision by the 3rd U.S. Circuit Court of Appeals in Philadelphia upheld an April 2014 lower court ruling allowing the case to go forward, reported Reuters.

It arose from three breaches in 2008 and 2009 in which hackers broke into Wyndham's computer system and stole credit card and other personal details from more than 619,000 consumers, leading to over $10.6 million in fraudulent charges, Reuters said.

Noting the FTC's broad authority under a 1914 law to protect consumers from unfair and deceptive trade practices, Circuit Judge Thomas Ambro said Wyndham failed to show that its alleged conduct "falls outside the plain meaning of 'unfair.'"

Wyndham brands also include Days Inn, Howard Johnson, Ramada, Super 8 and Travelodge. A spokesman said the Parsippany, New Jersey-based company is reviewing the decision.

FTC Chairwoman Edith Ramirez said: "It is not only appropriate, but critical, that the FTC has the ability to take action on behalf of consumers when companies fail to take reasonable steps to secure sensitive consumer information."

The FTC sued Wyndham in June 2012, claiming that the company's computer system "unreasonably and unnecessarily" exposed consumer data to the risk of theft.

Wyndham accused the FTC of overreaching, but U.S. District Judge Esther Salas in Newark, New Jersey refused to dismiss the case. Ambro rejected Wyndham's argument. He also rejected what he called Wyndham's "alarmist" argument that letting the FTC regulate its conduct could give the agency effective authority to regulate hotel room door locks, or sue supermarkets that fail to sweep up banana peels.

"It invites the tart retort that, were Wyndham a supermarket, leaving so many banana peels all over the place that 619,000 customers fall hardly suggests it should be immune from liability," Ambro wrote.

http://www.reuters.com/article/2015/08/24/wyndham-ftc-cybersecurity-idUSL1N10Z11320150824

Pandemics, Recessions and Disasters: Insider Threats During Troubling Times

ON DEMAND: The insider threat—consisting of scores of different types of crimes and incidents—is a scourge even during the best of times. But the chaos, instability and desperation that characterize crises also catalyze both intentional and unwitting insider attacks. Learn how your workers, contractors, volunteers and partners are exploiting the dislocation caused by today's climate of Coronavirus, unemployment, disinformation and social unrest.

Industrial Cybersecurity: What Every Food & Bev Executive Needs to Know

ON DEMAND: There's a lot at stake when it comes to cybersecurity. Reputation, productivity, quality. Join us to discuss the future of your global security strategy and a path forward with trusted partners Cisco and Rockwell Automation, and turn your Food & Bev security challenges into strategic advantages that drive business value.

Poll

Who has ownership or primary responsibility of video surveillance at your enterprise?

View Results

Poll Archive

Products

Effective Security Management, 7th Edition

Effective Security Management, 5e, teaches practicing security professionals how to build their careers by mastering the fundamentals of good management. Charles Sennewald brings a time-tested blend of common sense, wisdom, and humor to this bestselling introduction to workplace dynamics.

See More Products

FTC has Authority to Police Cybersecurity

Get our new eMagazine delivered to your inbox every month.

Stay in the know on the latest enterprise risk and security industry trends.

FTC has Authority to Police Cybersecurity

Related Articles

Related Products

Get our new eMagazine delivered to your inbox every month.

Stay in the know on the latest enterprise risk and security industry trends.