From: The Wall Street Journal | Risk & Compliance Journal
Should the federal government be in the business of protecting consumer privacy on the Internet? The hotel company Wyndham Worldwide Corp.WYN -1.03% will argue in a Philadelphia appeals court today that the Federal Trade Commission, the consumer watchdog, has no authority to enforce cybersecurity.
The stakes are high. Wyndham is seeking to have the court dismiss the FTC’s cybersecurity case. If Wyndham prevails, experts told Risk & Compliance Journal, it would hobble the FTC’s ability to bring cases against companies the agency contends are lax with consumer data security. The agency brought the case against Wyndham after hackers allegedly stole data from hundreds of thousands of customer accounts in a series of attacks in 2008 and 2009. The FTC maintains that lax data security standards allowed the breach to happen. But Wyndham is seeking to have the case dismissed, arguing that Congress never gave the FTC the authority to regulate data privacy. The agency has long relied on its authority to prevent “unfair” and “deceptive” business practices to bring cybersecurity actions. The FTC argues that poor cybersecurity “unreasonably exposes consumers to substantial injury they cannot reasonably avoid” and is just the type of practice Congress empowered them to prevent. Wyndham, which denies its cybersecurity was subpar, argues that the FTC’s privacy enforcement represents an illegitimate power grab. “As a matter of law and common sense, a business cannot be deemed to have engaged in an “unfair” practice where, as here, that business itself was the victim of criminal conduct by others,” the company said in a brief to the court.
Leave a Reply