infoTECH Feature

August 27, 2015

Recent Court Ruling Grants FTC Power to Regulate Cybersecurity

A recent U.S. appeals court ruling granted the FTC (News - Alert) explicit power to regulate cybersecurity, citing the lack of legislation governing this area and the FTC’s innate and broad authority to protect consumers from unfair and deceptive trade practices. The case — Federal Trade Commission v Wyndham Worldwide Corp et al, 3rd U.S. Circuit Court of Appeals, No. 14-3514 — reached a 3-0 decision on Monday at the 3rd U.S. Circuit Court of Appeals in Philadelphia, Pennsylvania. This decision upheld a ruling in April 2014 that allowed the case to move forward without addressing its merits.

The appeal was filed by Wyndham Hotels earlier this year, contesting a 2012 FTC lawsuit accusing the hotel chain of misrepresenting its ability to maintain adequate security for its customers’ data. The suit arose from three significant data breaches occurring in 2008 and 2009, which resulted in over $10 million in fraudulent charges affecting 619,000 customers. Wyndham argued that the FTC is far overreaching its power in this situation, despite the fact these recent security breaches still hang in the air and the company suggested no alternative solution for regulating cybersecurity.

More specifically, the FTC regards privacy failures and data insecurity in general as an “unfair business practice.” Wyndham’s published privacy policy promised a range of security measures to protect consumer data, but in many cases simply did not incorporate them with failures including unencrypted storage of credit card information, a lack of firewalls and the use of easy-to-guess passwords.

“A company does not act equitably when it publishes a privacy policy to attract customers who are concerned about data privacy, fails to make good on that promise by investing inadequate resources in cybersecurity, exposes its unsuspecting customers to substantial financial injury, and retains the profits of their business,” reads the court’s ruling.

This decision is a triumph for consumer privacy watchdogs who have been increasingly wary due to the relative lack of legislation regarding cybersecurity, and have waited for the FTC to take action. Hacking is a problem that only continues to grow, but with government intervention there is hope that it can be reasonably contained. Consumers may similarly rejoice in the comfort that the FTC is taking action to prevent further infringements on the security of their private data.




Edited by Dominick Sorrentino
FOLLOW US

Subscribe to InfoTECH Spotlight eNews

InfoTECH Spotlight eNews delivers the latest news impacting technology in the IT industry each week. Sign up to receive FREE breaking news today!
FREE eNewsletter

infoTECH Whitepapers