FTC Privacy Enforcement Power Wins Court Blessing - InformationWeek

4/8/2014
09:06 AM

The agency's claim against Wyndham Hotels for poor data security practices has been allowed to proceed.

Wyndham Worldwide Corporation and its subsidiaries will have to face the Federal Trade Commission in court after a federal judge on Monday rejected the hospitality company's contention that the FTC lacks the authority to regulate its computer security practices.

Judge Esther Salas, US District Judge for the District of New Jersey, ruled that a lawsuit filed in 2012 by the FTC over alleged security shortcomings at Wyndham and its subsidiaries may proceed.

FTC Chairwoman Edith Ramirez said via Twitter that she was pleased the court had recognized her agency's authority to hold companies accountable for safeguarding consumer data. She added that businesses should take steps to secure sensitive consumer information and warned that the agency will take action to make sure companies do so.

The ruling underscores that US privacy regulation isn't inconsequential. In a recently published paper, Daniel J. Solove, a law professor at George Washington University, and Woodrow Hartzog, an assistant law professor at Samford University, note that despite more than 15 years of FTC privacy enforcement, which has resulted in settlement agreements rather than judicial decisions, "FTC privacy jurisprudence is the broadest and most influential regulating force on information privacy in the United States -- more so than nearly any privacy statute or common law tort."

That doesn't sit well with TechFreedom, a tech industry advocacy group, which questioned whether the FTC's approach aligns with the intent of Congress and whether the agency has too much discretion to challenge companies.

The FTC characterizes its lawsuit as an attempt to ensure that companies live up to the promises they make about privacy and data security, specifically statements made in privacy policies and related online statements.

Wyndham insisted on its website that it safeguarded its customers' personally identifiable information "using standard industry practices." The FTC contends the hotel group did something less than that.

Between April 2008 and January 2010, the FTC complaint says, hackers accessed the hotel group's property management systems three separate times. The hackers allegedly used similar techniques each time to access personal information, including payment card numbers, expiration dates, and security codes.

All told, according to the complaint, the breaches resulted in the compromise of more than 619,000 payment card account numbers, the export of many of those account numbers to an Internet domain registered in Russia, fraudulent charges on many customers' accounts, and fraud losses totaling more than $10.6 million.

The FTC claims that Wyndham "failed to provide reasonable and appropriate security for the personal information collected and maintained by [the company and its subsidiaries]."

Wyndham Worldwide continued to express confidence in its position.

"It is important to note that the Court made no decision on liability today," Wyndham Worldwide spokesman Michael Valentino said in an emailed statement. "We continue to believe the FTC lacks the authority to pursue this type of case against American businesses, and has failed to publish any regulations that would give such businesses fair notice of any proposed standards for data security. We intend to defend our position vigorously."

Thomas Claburn has been writing about business and technology since 1996, for publications such as New Architect, PC Computing, InformationWeek, Salon, Wired, and Ziff Davis Smart Business. Before that, he worked in film and television, having earned a not particularly useful ...
