Court Upholds FTC’s Power to Sue Hacked Companies

A federal court rejects a bid from Wyndham Hotels to undercut federal authority over data security.

Wyndham hotel in Pittsburgh, Pa.
National Journal
Brendan Sasso
Add to Briefcase
See more stories about...
Brendan Sasso
April 7, 2014, 12:56 p.m.

The Fed­er­al Trade Com­mis­sion has the power to sue com­pan­ies that fail to pro­tect their cus­tom­ers’ data, a fed­er­al court in New Jer­sey said Monday.

The rul­ing shoots down a chal­lenge from Wyndham Ho­tels, which ar­gued that the FTC over­stepped its au­thor­ity with a 2012 law­suit against the glob­al hotel chain.

The de­cision by U.S. Dis­trict Court Judge Es­th­er Salas is a ma­jor win for the agency. If the court had sided with Wyndham, it would have stripped the fed­er­al gov­ern­ment of over­sight of data se­cur­ity prac­tices just as hack­ers be­gin to pull off more and more high-pro­file at­tacks.

Salas said her de­cision “does not give the FTC a blank check to sus­tain a law­suit against every busi­ness that has been hacked,” but that she must fol­low the “bind­ing and per­suas­ive pre­ced­ent” to up­hold the agency’s au­thor­ity.

The FTC is cur­rently in­vest­ig­at­ing Tar­get over the massive hack last year that ex­posed in­form­a­tion on 40 mil­lion cred­it cards. Tar­get could have pre­ven­ted the at­tack with bet­ter se­cur­ity prac­tices, ac­cord­ing to a re­cent re­port from the Sen­ate Com­merce Com­mit­tee.

The FTC has sued dozens of com­pan­ies in re­cent years for fail­ing to take reas­on­able steps to pro­tect cus­tom­er data. The agency says it has the au­thor­ity to po­lice data se­cur­ity prac­tices be­cause Con­gress gave it power over “un­fair” busi­ness prac­tices.

The FTC sued Wyndham in 2012, main­tain­ing that the hotel chain didn’t use ba­sic se­cur­ity meas­ures such as fire­walls, com­plex pass­words, or sep­ar­at­ing net­works in dif­fer­ent loc­a­tions. As a res­ult, hack­ers were able to pen­et­rate a com­puter net­work in a Wyndham hotel in Phoenix and ul­ti­mately make off with in­form­a­tion on 500,000 cred­it cards, the FTC charged.

Wyndham asked the fed­er­al court to throw out the suit, ar­guing that in­ad­equate data se­cur­ity prac­tices aren’t “un­fair” un­der the leg­al defin­i­tion. The com­pany also claimed the FTC should have pub­lished clear rules on data se­cur­ity be­fore fil­ing suit.

But Judge Salas said she wouldn’t “carve out a data-se­cur­ity ex­cep­tion” to the FTC’s power over un­fair prac­tices. She also con­cluded that the agency isn’t re­quired to spell-out spe­cif­ic data se­cur­ity rules. 

Al­though the court dis­missed Wyndham’s at­tempt to block the suit, the FTC will still have to prove the charges.  

FTC Chair­wo­man Edith Ramirez said she’s “pleased” with the de­cision and looks for­ward to try­ing the case against Wyndham. 

“Com­pan­ies should take reas­on­able steps to se­cure sens­it­ive con­sumer in­form­a­tion,” she said. “When they do not, it is not only ap­pro­pri­ate but crit­ic­al that the FTC take ac­tion on be­half of con­sumers.”

Mi­chael Valentino, a Wyndham spokes­man, noted that the de­cision is lim­ited to the FTC’s power and does not ad­dress wheth­er Wyndham broke the law.   “We con­tin­ue to be­lieve the FTC lacks the au­thor­ity to pur­sue this type of case against Amer­ic­an busi­nesses, and has failed to pub­lish any reg­u­la­tions that would give such busi­nesses fair no­tice of any pro­posed stand­ards for data se­cur­ity,” he said. “We in­tend to de­fend our po­s­i­tion vig­or­ously.”  

Mi­chael Valentino, a Wyndham spokes­man, noted that the de­cision is lim­ited to the FTC’s power and does not ad­dress wheth­er Wyndham broke the law.

“We con­tin­ue to be­lieve the FTC lacks the au­thor­ity to pur­sue this type of case against Amer­ic­an busi­nesses, and has failed to pub­lish any reg­u­la­tions that would give such busi­nesses fair no­tice of any pro­posed stand­ards for data se­cur­ity,” he said. “We in­tend to de­fend our po­s­i­tion vig­or­ously.” 

Al­though the FTC can or­der com­pan­ies to change their busi­ness prac­tices, the agency has no fin­ing au­thor­ity. Demo­crats are push­ing sev­er­al bills in Con­gress that would ex­pand the FTC’s au­thor­ity over data se­cur­ity, in­clud­ing give the agency the power to fine com­pan­ies for non­com­pli­ance.

What We're Following See More »
STAKES ARE HIGH
Debate Could Sway One-Third of Voters
3 hours ago
THE LATEST

"A new Wall Street Journal/NBC News poll found that 34% of registered voters think the three presidential debates would be extremely or quite important in helping them decide whom to support for president. About 11% of voters are considered 'debate persuadables'—that is, they think the debates are important and are either third-party voters or only loosely committed to either major-party candidate."

Source:
YOU DON’T BRING ME FLOWERS ANYMORE
Gennifer Flowers May Not Appear After All
3 hours ago
THE LATEST

Will he or won't he? That's the question surrounding Donald Trump and his on-again, off-again threats to bring onetime Bill Clinton paramour Gennifer Flowers to the debate as his guest. An assistant to flowers initially said she'd be there, but Trump campaign chief Kellyanne Conway "said on ABC’s 'This Week' that the Trump campaign had not invited Flowers to the debate, but she didn’t rule out the possibility of Flowers being in the audience."

Source:
HAS BEEN OFF OF NEWSCASTS FOR A WEEK
For First Debate, Holt Called on NBC Experts for Prep
4 hours ago
THE DETAILS

NBC's Lester Holt hasn't hosted the "Nightly News" since Tuesday, as he's prepped for moderating the first presidential debate tonight—and the first of his career. He's called on a host of NBC talent to help him, namely NBC News and MSNBC chairman Andy Lack; NBC News president Deborah Turness; the news division's senior vice president of editorial, Janelle Rodriguez; "Nightly News" producer Sam Singal, "Meet the Press" host Chuck Todd, senior political editor Mark Murray and political editor Carrie Dann. But during the debate itself, the only person in Holt's earpiece will be longtime debate producer Marty Slutsky.

Source:
WHITE HOUSE PROMISES VETO
House Votes to Bar Cash Payments to Iran
4 hours ago
THE DETAILS

"The House passed legislation late Thursday that would prohibit the federal government from making any cash payments to Iran, in protest of President Obama's recently discovered decision to pay Iran $1.7 billion in cash in January. And while the White House has said Obama would veto the bill, 16 Democrats joined with Republicans to pass the measure, 254-163."

Source:
NO SURPRISE
Trump Eschewing Briefing Materials in Debate Prep
4 hours ago
THE DETAILS

In contrast to Hillary Clinton's meticulous debate practice sessions, Donald Trump "is largely shun­ning tra­di­tion­al de­bate pre­par­a­tions, but has been watch­ing video of…Clin­ton’s best and worst de­bate mo­ments, look­ing for her vul­ner­ab­il­it­ies.” Trump “has paid only curs­ory at­ten­tion to brief­ing ma­ter­i­als. He has re­fused to use lecterns in mock de­bate ses­sions des­pite the ur­ging of his ad­visers. He prefers spit­balling ideas with his team rather than hon­ing them in­to crisp, two-minute an­swers.”

Source:
×