Header graphic for print
HL Chronicle of Data Protection Privacy & Information Security News & Trends

Tag Archives: FTC v. Wyndham

Posted in Consumer Privacy

FTC Litigation Prompts Changes to Congressional Oversight

Close followers of the cases FTC v. Wyndham Worldwide Corp. and In the Matter of LabMD know that the litigation has prompted increased Congressional oversight of the Federal Trade Commission’s data security enforcement practices. Prior to Wyndham and LabMD, Congressional debates on the FTC’s data security practices centered on whether the Commission should have additional tools to address these issues, including traditional rulemaking authority to create new data security rules, civil penalty authority to fine violators, or authority over the activities of non-profit entities. To the extent Congress questioned the FTC’s enforcement decisions in this pre- Wyndham and LabMD era, those inquires typically focused on the length of time of FTC settlement agreements, while relatively little attention was paid to how the Commission provided notice of its data security standards or how the Commission chose its enforcement targets. Wyndham and LabMD fundamentally shifted this debate.

Posted in Consumer Privacy, Cybersecurity & Data Breaches

Analysis of FTC v. Wyndham: Third Circuit Affirms FTC Authority to Regulate Data Security

On Monday, August 24, 2015, the U.S. Court of Appeals for the Third Circuit issued its opinion in FTC v. Wyndham Worldwide Corp upholding the authority of the Federal Trade Commissionto oversee cybersecurity practices. The Wyndham case first made headlines in June 2012, when it became the first cybersecurity enforcement action to be litigated instead of being resolved by settlement. Wyndham Worldwide Corp. moved to dismiss the FTC’s claims that allegedly insufficient cybersecurity practices constituted unlawful “unfair” and “deceptive” business practices, arguing that the FTC’s unfairness authority did not extend to cybersecurity, and that the statements in its online privacy policy were not deceptive. Since that time, the case has been closely watched as the District Court for the District of New Jersey and the Third Circuit Court of Appeals considered the issue of whether the FTC had authority to regulate cybersecurity under the unfairness prong of § 45(a) of the FTC Act.