In this series of blog posts, I’ll be looking at the Federal Trade Commission (FTC) charges against companies in the area of cybersecurity practices that put consumers at risk.
The FTC is a U.S. government agency that protects consumers, traditionally in face-to-face businesses. However, the agency has now defined reasonable cybersecurity and begun to protect consumers in the digital space.
The First Widely Publicized Case
Wyndham Worldwide Corporation is an international hospitality company that operates several hotel brands around the world. They did not take proper measures to keep their customer’s information secure. Wyndham did not use password management; they had no firewalls in place and did nothing to protect themselves or their customer’s data. They unfairly placed ‘consumers’ payment card Information at risk, which led to three separate incidents where hackers exploited their systems and endangered the personal information of consumers.
The Charges
The FTC charged the company with unfair business practices and brought Wyndham Worldwide Corporation to court, eventually reaching the third circuit court of appeals. Wyndham argued that the FTC didn’t have authority over cases of cybersecurity, but this claim was proven wrong in court. The court ruled that the average consumer could do nothing to protect themselves in this instance and that the Wyndham Corporation must keep their networks secure and safe.
The Wyndham case was the first widely publicized occurrence of the FTC confronting issues in cybersecurity. The consumer suffered harm, and that is unfair. We’ll see in future posts that the Commission continues to investigate cases of poor cyber hygiene in businesses.
Why is this Important?
The Wyndham case is important because it solidifies that the FTC is a national watchdog for privacy and security laws. If you want to read more details, here’s a link to the Third Circuit rules in FTC v. Wyndham case.
Check back next week when we dive into another example of an FTC case in the area of cybersecurity.