Court Upholds FTC’s Authority to Protect Consumer Data (Aug. 27, 2015)
A U.S. appeals court this week determined that the FTC has authority to regulate corporate cybersecurity and can pursue a lawsuit against hotel operator Wyndham Worldwide Corp. for allegedly failing to properly safeguard consumers’ information.
In June 2012, the FTC filed a lawsuit against Wyndham for “failure to maintain reasonable and appropriate data security for consumers’ sensitive personal information,” and that the defendants’ failure to maintain reasonable security enabled intruders to obtain unauthorized access to the computer networks of Wyndham Hotels and Resorts, along with several of its franchised hotels, on three separate occasions in less than two years. The alleged breaches led to more than $10.6 million in fraud loss and the theft of hundreds of thousands of consumers’ payment card account information, according to the lawsuit.
The Third U.S. Circuit Court of Appeals in Philadelphia on Monday upheld an April 2014 lower court ruling by a 3-0 vote allowing the case to go forward.
“[Monday’s] decision reaffirms the FTC’s authority to hold companies accountable for failing to safeguard consumer data,” said Edith Ramirez, FTC chairwoman. “It is not only appropriate, but critical, that the FTC has the ability to take action on behalf of consumers when companies fail to take reasonable steps to secure sensitive consumer information.”
Safeguarding consumer data continues to be top of mind following high-profile breaches of Chase, Home Depot and the IRS, among others.
Related stories: