FTC pushes to regulate corporate cyber security

As reported in the Wall Street Journal (Tuesday, April 8, 2014), United States District Court Judge Esther Salas in New Jersey has rejected claims by Wyndham Worldwide Corp. that the FTC does not have power to regulate corporate data security issues.  According to the WSJ, the federal court ruled on Monday that the FTC’s authority allowed it to bring the lawsuit against Wyndham Worldwide Corp. alleging that several IT problems at Wyndham hotels created an insecure computer server, which was hacked and resulted in the personal information of thousands of the hotel chain’s customers being compromised.

According to the WSJ, the FTC has brought dozens of data security cases, most of which have settled, which means that this is a test case whereby Wyndham Worldwide Corp. is challenging the authority of the FTC to regulate cyber security matters with regard to individual corporations.

It is noteworthy that the court has not ruled on the merits of the charges by the FTC, but rather, has permitted the case to move forward in the court.  It is expected that Wyndham Worldwide Corp. will raise a vigorous defense in this matter. 

Attorneys Brian L. Champion and Timothy J. O’Brien, both partners at Libby O’Brien Kingsley & Champion, LLC, counsel employers and other businesses on information privacy and data security issues.