A U.S. appeals court said the Federal Trade Commission has authority to regulate corporate cybersecurity, and may pursue a lawsuit accusing hotel operator Wyndham Worldwide Corp of failing to properly safeguard consumers’ information.

Monday’s 3-0 decision by the 3rd U.S. Circuit Court of Appeals in Philadelphia upheld an April 2014 lower court ruling allowing the case to go forward.

It arose from three breaches in 2008 and 2009 in which hackers broke into Wyndham’s computer system and stole credit card and other personal details from more than 619,000 consumers, leading to over $10.6 million in fraudulent charges.

Noting the FTC’s broad authority under a 1914 law to protect consumers from unfair and deceptive trade practices, Circuit Judge Thomas Ambro said Wyndham failed to show that its alleged conduct “falls outside the plain meaning of ‘unfair.'”

Wyndham brands also include Days Inn, Howard Johnson, Ramada, Super 8 and Travelodge. A spokesman said the Parsippany, New Jersey-based company is reviewing the decision.

FTC Chairwoman Edith Ramirez welcomed the decision.

“It is not only appropriate, but critical, that the FTC has the ability to take action on behalf of consumers when companies fail to take reasonable steps to secure sensitive consumer information,” she said.

Congress has not adopted wide-ranging legislation governing data security, a growing concern amid high-profile breaches such as at retailer Target Corp, the infidelity website Ashley Madison, and even U.S. government databases.

In a test of its power to fill the void and hold companies accountable, the FTC sued Wyndham in June 2012, claiming that the company’s computer system “unreasonably and unnecessarily” exposed consumer data to the risk of theft.

Wyndham accused the FTC of overreaching, but U.S. District Judge Esther Salas in Newark, New Jersey refused to dismiss the case.

Affirming that ruling, Ambro rejected Wyndham’s argument that the company lacked “fair notice” about what the FTC could require.

He also rejected what he called Wyndham’s “alarmist” argument that letting the FTC regulate its conduct could give the agency effective authority to regulate hotel room door locks, or sue supermarkets that fail to sweep up banana peels.

“It invites the tart retort that, were Wyndham a supermarket, leaving so many banana peels all over the place that 619,000 customers fall hardly suggests it should be immune from liability,” Ambro wrote.

The case is Federal Trade Commission v Wyndham Worldwide Corp et al, 3rd U.S. Circuit Court of Appeals, No. 14-3514.

(Reporting by Jonathan Stempel in New York; Additional reporting by Alina Selyukh in Washington, D.C.; Editing by Jeffrey Benkoe and Alan Crosby)

This entry passed through the Full-Text RSS service – if this is your content and you’re reading it on someone else’s site, please read the FAQ at fivefilters.org/content-only/faq.php#publishers.

Related Posts

Facebook Comments

Return to Top ▲Return to Top ▲