Hotel chain challenges the FTC’s power to sue over data breaches

The FTC alleges that Wyndham had “unfair or deceptive” practices by not maintaining “reasonable and appropriate” data security protections

Privacy and data security experts are closely watching a case that for the first time challenges the Federal Trade Commission’s (FTC) authority to sue companies on behalf of consumers for cybersecurity breaches and lax or misleading data security policies.

In Federal Trade Commission v. Wyndham Worldwide Corporation, the FTC alleges that Wyndham and its hotel subsidiaries violated Section 5 of the FTC Act, which forbids “unfair or deceptive” practices by not maintaining “reasonable and appropriate” data security protections.

Filling a Void

Some privacy and data security experts see the FTC as filling a void created by the failure of both Congress to pass broad-based privacy legislation and the Obama administration to issue a long-expected executive order setting cybersecurity standards.

Michael Kozubek

Bio and more articles

Join the Conversation

Advertisement. Closing in 15 seconds.