Advertising Disclosure Email Disclosure

The FTC has authority to sue companies for failure to maintain proper cyber security practices as “unfair” practices.

October 2, 2015
FTC v. Wyndham Worldwide Corp., 2015 U.S. App. LEXIS 14839 (3d. Cir. Aug. 24, 2015)

In this matter, the Third Circuit found that the FTC has authority to regulate cyber security as “unfair” practices under Section 45(a) of the Federal Trade Commission Act (Section 45(a)). The defendant, a hotel chain, experienced cyber security breaches on three separate occasions, exposing hundreds of thousands of consumers’ personal and financial information to hackers. As a result, the FTC filed a lawsuit in District Court against the defendant, alleging the defendant’s conduct related to its lack of cyber security protection was an “unfair” practice under Section 45(a). In asserting its claim, the FTC pointed to a number of issues with the defendant’s cyber security practices, including its failure to update its operating systems, lack of secure passwords, and its failure to limit the access of third-party vendors to its network. The District Court ruled in favor of the FTC, finding that it has authority to regulate companies’ cyber security measures. In upholding that decision, the Third Circuit held that proving “unfair” practices under Section 45(a) does not require a showing of unethical or unscrupulous conduct and can include cyber security practices. The court further noted that, just because the defendant was also a victim of the cyber crimes of others, did not make it immune to liability to the FTC.

 

Case Law Alerts, 4th Quarter, October 2015

Case Law Alerts is prepared by Marshall Dennehey Warner Coleman & Goggin to provide information on recent legal developments of interest to our readers. This publication is not intended to provide legal advice for a specific situation or to create an attorney-client relationship. Copyright © 2015 Marshall Dennehey Warner Coleman & Goggin, all rights reserved. This article may not be reprinted without the express written permission of our firm.

Before you send this email please note:

You are attempting to send email, through a link on our website, to an attorney of Marshall Dennehey Warner Coleman & Goggin or an employee in our firm. Please note that your email may not be treated as confidential and does not create an attorney-client relationship. You should not rely upon the transmission of an email through this website if you are seeking to enter into such a relationship. Until such time as we have agreed to represent you, no information in your email will be treated as confidential. Please contact us directly by telephone at 1.800.220.3308 if it is your intent to seek legal counsel with our firm or convey confidential information.

If it is still your intent to send this email, knowing that it may not be treated as confidential, you may accept our terms of agreement by pressing "OK". If you choose not to accept these terms of agreement you may navigate away from this page by pressing "Cancel."