Ride the Lightning

Cybersecurity and Future of Law Practice Blog
by Sharon D. Nelson Esq., President of Sensei Enterprises, Inc.

Appellate Court Affirms FTC Authority Over Corporate Information Security

August 25, 2015

As Bloomberg BNA reported yesterday (hat tip to Dave Ries), the Third Circuit Court of Appeals has ruled that the Federal Trade Commission (FTC) may proceed with a lawsuit alleging that hotel chain Wyndham Worldwide Corp. shoulders some of the responsibility for three breaches from 2008-2010 in which hackers allegedly stole more than 619,000 credit and debit card numbers.

Since our moribund Congress hasn't managed to pass comprehensive data security laws, the FTC has stepped in, bringing more than 50 data-security cases based on its authority to take action against unfair and deceptive business practices. Most cases have settled, but not this one.

The FTC alleged that Wyndham failed to implement reasonable safeguards, including leaving consumer data unprotected by firewalls and using outdated software that couldn't receive security updates. Wyndham argued that the FTC was overreaching and trying to hold businesses, rather than hackers, responsible for cybertheft. The Third Circuit three-judge panel disagreed in a unanimous ruling. Given the number of attacks, the court found that it should have been painfully apparent to Wyndham that a court could find its conduct potentially problematic.

And so the case will go on. If Wyndham's attorneys have any sense, they'll cut their losses and settle. This is a case whose tail is wagging furiously.

Wyndham made the lame argument that the FTC's lawsuit was akin to suing a supermarket that was sloppy about sweeping up banana peels. I'll bet the lawyer who came up with that analogy wishes he/she could take it back. The court said that Wyndham's argument "invites the tart retort that, were Wyndham a supermarket, leaving so many banana peels all over the place that 619,000 customers fall hardly suggests it should be immune from liability."

And that is what you call a bench-slap.

Phone: 703-359-0700
Digital Forensics/Information Security/Information Technology
http://www.senseient.com
http://twitter.com/sharonnelsonesq
www.linkedin.com/in/sharondnelson