FTC can sue companies with poor information security, appeals court says

On Monday, a federal appeals court ruled that the Federal Trade Commission (FTC) has the power to take action (PDF) against companies that employ poor IT security practices. The ruling, from the United States Court of Appeals for the Third Circuit, came as part of a lawsuit between the FTC and Wyndham Worldwide Corporation, which manages a collection of hotels throughout the US.

In 2008 and 2009, Wyndham suffered three different breaches of its network, ultimately losing payment card information for more than 619,000 customers and causing $10.6 million in loss due to fraud. The FTC sued Wyndham in 2012 for failing to protect its customers from hackers, and Wyndham countered by saying that it was a victim of the hack itself and should not be penalized by the FTC for the breach.

The Philadelphia-based appeals court allowed the FTC’s case against Wyndham to go forward in district court, and it noted that the FTC could use its authority to pursue “cybersecurity” cases under 15 U.S.C. Sec.45, part of a 1914 law that gives the FTC the power to prohibit “unfair or deceptive acts or practices in or affecting commerce.”

Read full article on Ars Technica…

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s