A federal court said on Monday that companies that fail to provide their consumers with “reasonable protections” against data breaches can be sued by consumer protection agencies.
As reported by The Wall Street Journal Monday (Aug. 24), the Third U.S. Circuit Court of Appeals, based in Philadelphia, ruled that the Federal Trade Commission could proceed with its standing lawsuit against Wyndham Worldwide, alleging that the hotel chain was and remains responsible for three data breaches that took place between 2008 and 2010. Through those incidents of data theft, hackers made off with nearly 620,000 credit and debit card numbers. The FTC has maintained the hacks led to more than $10 million in losses tied to fraud.
The Journal reported that the court’s decision “bolsters the commission’s power” to monitor and regulate cybersecurity efforts even at a time when the Congress has yet to pass data security mandates. As the paper noted, many of the FTC’s motions in dozens of cybercrime cases have ended with settlements. The Wyndham case has been different, as the hotel chain has contested the FTC's claims.
Among the allegations by the FTC are that Wyndham failed to protect data via firewalls and other technology and used outdated software. Wyndham for its part has argued that the FTC has overstepped its boundaries.
In a release following the court’s ruling, FTC Chairwoman Edith Ramirez stated that the result “reaffirms the FTC’s authority to hold companies accountable for failing to safeguard consumer data. It is not only appropriate, but critical,” continued the chairwoman, “that the FTC has the ability to take action on behalf of consumers when companies fail to take reasonable steps to secure sensitive consumer information.”
For more on today's happenings in digital security, check out PYMNTS' Digital Identity Tracker.