FTC v. Wyndham Worldwide Solidifies the FTC’s Role in Regulating Cybersecurity

The FTC has authority to regulate cybersecurity under the unfairness prong of § 45(a) of the Federal Trade Commission Act and companies have fair notice that their specific cybersecurity practices could fall short of that provision. F.T.C. v. Wyndham Worldwide Corp., 799 F.3d 236 (3rd Cir. Aug. 24, 2015).

Here are a few key points from the court’s opinion to consider:

  • Wyndham was hacked three times in 2008 and 2009 that resulted the compromise of over 619,000 consumer payment card records.
  • Information used to commit over $10.6 million in fraudulent charges.
  • Cybersecurity posture was very rudimentary and contravened recommendations in the FTC’s 2007 guidebook, Protecting Personal Information: A Guide for Businesses.
  • Website Privacy Policy made representations about its cybersecurity practices that were not true and, therefore, deceptive.

2 thoughts on “FTC v. Wyndham Worldwide Solidifies the FTC’s Role in Regulating Cybersecurity

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s