FTC Allowed To Sue Wyndham For Failing To Protect Users' Data

A federal judge has sided with the Federal Trade Commission in a high-profile dispute with Wyndham Hotels about its security practices.

U.S. District Court Judge Esther Salas in New Jersey ruled today that the FTC can proceed with a case against Wyndham, which suffered data breaches on three occasions between 2008 and 2010. The FTC alleged that Wyndham violated its privacy policy, which promised to use “industry standard practices” to keep customers' information secure. The agency also alleged that Wyndham engaged in unfair practices by failing to take reasonable security measures -- like using firewalls, and requiring encryption of credit card data.

Wyndham asked Salas to dismiss the case, arguing that the FTC lacks authority to charge companies with unfair data security practices. The hotel chain specifically contended that the agency hadn't issued data-security regulations, which would have given companies advance notice of the standards the FTC expected them to follow.

Salas rejected Wyndham's arguments today, ruling that the FTC has the flexibility to charge Wyndham with unfairness regardless of whether the agency promulgated cybersecurity regulations.  She said in the ruling accepting Wyndham's theory would lead to an “untenable consequence” -- that the FTC “would have to cease bringing all unfairness actions without first proscribing particularized prohibitions.”

At the same time, Salas wrote that her ruling doesn't “give the FTC a blank check to sustain a lawsuit against every business that has been hacked.”

Some commentators previously said that a ruling against Wyndham was likely to result in more FTC cybersecurity cases, while a ruling siding against Wyndham would have ended the FTC's ability to police poor security. The closely watched case drew friend-of-the-court briefs from a variety of groups, including the U.S. Chamber of Commerce (which sided with Wyndham) and advocacy organization Public Citizen (which supported the FTC.)

Tags: privacy
Recommend (5)
3 comments about "FTC Allowed To Sue Wyndham For Failing To Protect Users' Data".
  1. Chuck Lantz from 2007ac.com, 2013ac.com network , April 7, 2014 at 11:06 p.m.
    Is the second sentence in the third paragraph correct?
  2. Wendy Davis from mediapost , April 7, 2014 at 11:35 p.m.
    Thanks for catching Chuck. The sentence is now fixed.
  3. Chuck Lantz from 2007ac.com, 2013ac.com network , April 7, 2014 at 11:43 p.m.
    The editing invoice is in the mail. ;)