Decisions have been made regarding the FTC’s cybersecurity authority…
In a precedential decision, the Third Circuit Cmorourt of Appeals recently affirmed the cybersecurity authority of the Federal Trade Commission (FTC) to hold businesses liable for data breaches under Section 5 of the FTC Act.
The Facts of the Case
During 2008 and 2009, hackers breached Wyndham Worldwide Corporation’s computer network on three separate occasions. In total, they stole personal and financial information for hundreds of thousands of consumers, which resulted in more than $10.6 million dollars in fraudulent charges.
In recent years, the FTC has been increasingly bringing administrative actions under Section 5 of the FTC Act against companies that suffered data breaches due to allegedly deficient cybersecurity. The statute prohibits “unfair or deceptive acts or practices in or affecting commerce.”
In FTC v. Wyndham Worldwide Corporation, the FTC alleged that Wyndham’s conduct was an unfair practice and that its privacy policy was deceptive. The FTC specifically maintained that contrary to Wyndham’s stated data privacy and security policy, Wyndham did not use encryption, firewalls, and other commercially reasonable methods for protecting consumer data.
In defense of the suit, Wyndham argued that the FTC lacked the authority to regulate cybersecurity under the FTC Act. It further argued that Wyndham did not have fair notice that its specific cybersecurity practices could fall short of the statute’s requirements.
The Court’s Decision
With regard to whether Wyndham’s conduct was unfair, the appeals court rejected Wyndham’s defenses. According to the Third Circuit, there was little merit to Wyndham’s argument that a practice is only unfair if it is “not equitable” or “marked by injustice, partiality, or deception.” The appeals court further held that agreeing upon a precise definition did not really matter in this case.
As further explained in the opinion, “A company does not act equitably when it publishes a privacy policy to attract customers who are concerned about data privacy, fails to make good on that promise by investing inadequate resources in cybersecurity, exposes its unsuspecting customers to substantial financial injury, and retains the profits of their business.”
The Third Circuit also rejected Wyndham’s fair notice claim, concluding that Wyndham had fair notice that its conduct could fall within the meaning of the FTC Act. In reaching its decision, the court noted that the FTC published a guidebook for businesses in 2007 regarding best practices for protecting confidential consumer data. “The guidebook does not state that any particular practice is required by § 45(a), but it does counsel against many of the specific practices alleged here,” the panel highlighted.
The appeals court also noted that the FTC filed complaints and entered into consent decrees in administrative cases raising unfairness claims based on inadequate corporate cybersecurity prior to the company’s data breach. More importantly, the documents were all published via the FTC website or the Federal Register.
The Message for Businesses
In light of the decision, businesses should take the FTC seriously when it comes to cybersecurity. In particular, it is imperative to ensure that a company’s stated data protection policies and cybersecurity procedures are faithfully executed. In the case of Wyndham, one of its biggest mistakes was promising consumers one thing and doing another.
What to Do If You Are Impacted by a Retailer Bankruptcy Part 2
Over the past year, brick-and-mortar stores have closed their doors at a record pace. Fluctuating consumer preferences, the rise of online shopping platforms, and ongoing economic uncertainty continue to put pressure on the retail industry. When a retailer seeks bankruptcy protection, a myriad of other businesses are often impacted. Whether you are a supplier, customer, […]
The Current Administration's Proposals for the Financial Services and Banking Industries Will Affect Your Business
Since his inauguration two months ago, Donald Trump’s administration and the Congress it controls have indicated important upcoming policy changes. These changes will impact financial services policies and priorities. The changes will particularly affect cryptocurrency, as well as banking rules and regulations. Key Regulatory Changes in Cryptocurrency For example, in the burgeoning cryptocurrency business environment, […]
Tips for Commercial Landlords Impacted by Wave of Retailer Bankruptcies Part 1
The retail sector has experienced a wave of bankruptcy filings over the last year. Brick-and-mortar businesses in financial distress include big-name brands like Big Lots, Party City, The Container Store, and Vitamin Shoppe. When large retailers seek bankruptcy protection, they are not the only businesses impacted. Landlords can be particularly hard hit. While commercial landlords […]
How Understanding Bankruptcy Trends Can Benefit Your Business
The bankruptcy legal landscape presents both challenges and opportunities for businesses navigating financial distress. Understanding current bankruptcy trends can help businesses make more informed and strategic decisions. Corporate Bankruptcy Filings Trending Upwards Bankruptcy filings continued to trend upwards in 2024. According to statistics released by the Administrative Office of the U.S. Courts, personal and business […]
SEC Takes Actions Against Issuers for Failure to File Form D
In December, the U.S. Securities and Exchange Commission (SEC) announced charges against two privately held companies for failing to file a Form D notice, which is generally utilized for exempt securities offerings. Here, the SEC’s enforcement sends a strong message: compliance with regulatory requirements is not optional and failure to comply can have significant consequences. […]
Redefining Labor Relations: NLRB's Pivot from Abruzzo’s Memoranda
On February 14, 2025, the Office of General Counsel (OGC) of the National Labor Relations Board (NLRB) under Acting General Counsel William B. Cowen issued Memorandum 25-05, “New Process for More Efficient, Effective, Accessible and Transparent Case handling.” The Memorandum rescinds nearly all of the Memoranda issued by his direct predecessor, Jennifer Abruzzo, setting the […]
No Aspect of the advertisement has been approved by the Supreme Court. Results may vary depending on your particular facts and legal circumstances.
Sign up to get the latest from our attorneys!
Explore What Matters Most to You.
Consider subscribing to our Firm Insights mailing list by clicking the button below so you can keep up to date with the firm`s latest articles covering various legal topics.
Stay informed and inspired with the latest updates, insights, and events from Scarinci Hollenbeck. Our resource library provides valuable content across a range of categories to keep you connected and ahead of the curve.
Let`s get in touch!
Sign up to get the latest from the Scarinci Hollenbeck, LLC attorneys!
