Court Upholds FTC’s Power to Sue Hacked Companies

A federal court rejects a bid from Wyndham Hotels to undercut federal authority over data security.

Wyndham hotel in Pittsburgh, Pa.
National Journal
Brendan Sasso
April 7, 2014, 12:56 p.m.

The Fed­er­al Trade Com­mis­sion has the power to sue com­pan­ies that fail to pro­tect their cus­tom­ers’ data, a fed­er­al court in New Jer­sey said Monday.

The rul­ing shoots down a chal­lenge from Wyndham Ho­tels, which ar­gued that the FTC over­stepped its au­thor­ity with a 2012 law­suit against the glob­al hotel chain.

The de­cision by U.S. Dis­trict Court Judge Es­th­er Salas is a ma­jor win for the agency. If the court had sided with Wyndham, it would have stripped the fed­er­al gov­ern­ment of over­sight of data se­cur­ity prac­tices just as hack­ers be­gin to pull off more and more high-pro­file at­tacks.

Salas said her de­cision “does not give the FTC a blank check to sus­tain a law­suit against every busi­ness that has been hacked,” but that she must fol­low the “bind­ing and per­suas­ive pre­ced­ent” to up­hold the agency’s au­thor­ity.

The FTC is cur­rently in­vest­ig­at­ing Tar­get over the massive hack last year that ex­posed in­form­a­tion on 40 mil­lion cred­it cards. Tar­get could have pre­ven­ted the at­tack with bet­ter se­cur­ity prac­tices, ac­cord­ing to a re­cent re­port from the Sen­ate Com­merce Com­mit­tee.

The FTC has sued dozens of com­pan­ies in re­cent years for fail­ing to take reas­on­able steps to pro­tect cus­tom­er data. The agency says it has the au­thor­ity to po­lice data se­cur­ity prac­tices be­cause Con­gress gave it power over “un­fair” busi­ness prac­tices.

The FTC sued Wyndham in 2012, main­tain­ing that the hotel chain didn’t use ba­sic se­cur­ity meas­ures such as fire­walls, com­plex pass­words, or sep­ar­at­ing net­works in dif­fer­ent loc­a­tions. As a res­ult, hack­ers were able to pen­et­rate a com­puter net­work in a Wyndham hotel in Phoenix and ul­ti­mately make off with in­form­a­tion on 500,000 cred­it cards, the FTC charged.

Wyndham asked the fed­er­al court to throw out the suit, ar­guing that in­ad­equate data se­cur­ity prac­tices aren’t “un­fair” un­der the leg­al defin­i­tion. The com­pany also claimed the FTC should have pub­lished clear rules on data se­cur­ity be­fore fil­ing suit.

But Judge Salas said she wouldn’t “carve out a data-se­cur­ity ex­cep­tion” to the FTC’s power over un­fair prac­tices. She also con­cluded that the agency isn’t re­quired to spell-out spe­cif­ic data se­cur­ity rules. 

Al­though the court dis­missed Wyndham’s at­tempt to block the suit, the FTC will still have to prove the charges.  

FTC Chair­wo­man Edith Ramirez said she’s “pleased” with the de­cision and looks for­ward to try­ing the case against Wyndham. 

“Com­pan­ies should take reas­on­able steps to se­cure sens­it­ive con­sumer in­form­a­tion,” she said. “When they do not, it is not only ap­pro­pri­ate but crit­ic­al that the FTC take ac­tion on be­half of con­sumers.”

Mi­chael Valentino, a Wyndham spokes­man, noted that the de­cision is lim­ited to the FTC’s power and does not ad­dress wheth­er Wyndham broke the law.   “We con­tin­ue to be­lieve the FTC lacks the au­thor­ity to pur­sue this type of case against Amer­ic­an busi­nesses, and has failed to pub­lish any reg­u­la­tions that would give such busi­nesses fair no­tice of any pro­posed stand­ards for data se­cur­ity,” he said. “We in­tend to de­fend our po­s­i­tion vig­or­ously.”  

Mi­chael Valentino, a Wyndham spokes­man, noted that the de­cision is lim­ited to the FTC’s power and does not ad­dress wheth­er Wyndham broke the law.

“We con­tin­ue to be­lieve the FTC lacks the au­thor­ity to pur­sue this type of case against Amer­ic­an busi­nesses, and has failed to pub­lish any reg­u­la­tions that would give such busi­nesses fair no­tice of any pro­posed stand­ards for data se­cur­ity,” he said. “We in­tend to de­fend our po­s­i­tion vig­or­ously.” 

Al­though the FTC can or­der com­pan­ies to change their busi­ness prac­tices, the agency has no fin­ing au­thor­ity. Demo­crats are push­ing sev­er­al bills in Con­gress that would ex­pand the FTC’s au­thor­ity over data se­cur­ity, in­clud­ing give the agency the power to fine com­pan­ies for non­com­pli­ance.

What We're Following See More »
PROCEDURES NOT FOLLOWED
Trump Not on Ballot in Minnesota
4 days ago
THE LATEST
MOB RULE?
Trump on Immigration: ‘I Don’t Know, You Tell Me’
4 days ago
THE LATEST

Perhaps Donald Trump can take a plebiscite to solve this whole messy immigration thing. At a Fox News town hall with Sean Hannity last night, Trump essentially admitted he's "stumped," turning to the audience and asking: “Can we go through a process or do you think they have to get out? Tell me, I mean, I don’t know, you tell me.”

Source:
BIG CHANGE FROM WHEN HE SELF-FINANCED
Trump Enriching His Businesses with Donor Money
6 days ago
WHY WE CARE

Donald Trump "nearly quintupled the monthly rent his presidential campaign pays for its headquarters at Trump Tower to $169,758 in July, when he was raising funds from donors, compared with March, when he was self-funding his campaign." A campaign spokesman "said the increased office space was needed to accommodate an anticipated increase in employees," but the campaign's paid staff has actually dipped by about 25 since March. The campaign has also paid his golf courses and restaurants about $260,000 since mid-May.

Source:
QUESTIONS OVER IMMIGRATION POLICY
Trump Cancels Rallies
6 days ago
THE LATEST

Donald Trump probably isn't taking seriously John Oliver's suggestion that he quit the race. But he has canceled or rescheduled rallies amid questions over his stance on immigration. Trump rescheduled a speech on the topic that he was set to give later this week. Plus, he's also nixed planned rallies in Oregon and Las Vegas this month.

Source:
‘STRATEGY AND MESSAGING’
Sean Hannity Is Also Advising Trump
1 weeks ago
THE LATEST

Donald Trump's Fox News brain trust keeps growing. After it was revealed that former Fox chief Roger Ailes is informally advising Trump on debate preparation, host Sean Hannity admitted over the weekend that he's also advising Trump on "strategy and messaging." He told the New York Times: “I’m not hiding the fact that I want Donald Trump to be the next president of the United States. I never claimed to be a journalist.”

Source:
×