Wyndham Hotels and Resorts has agreed to settle the FTC’s charges that its corporate data security practices were deficient under the unfairness prong of Section 5 of the FTC Act.  Assuming the district court approves the proposed stipulated consent order, this concludes the litigation between Wyndham and the FTC.  Under
Continue Reading Wyndham Settles FTC Charges

The Third Circuit released its decision in FTC v. Wyndham Worldwide Corp. earlier today, affirming the district court’s decision that the FTC has the authority to regulate companies’ data security practices under the “unfair practices” prong of Section 5 of the FTC Act.  The highly anticipated precedential opinion dismissed Wyndham’s arguments that the FTC lacks the authority to regulate cybersecurity practices, finding instead that neither Congressional legislation nor the FTC’s prior statements contradicted the FTC’s attempts to assert its cybersecurity powers.  The court also held that Wyndham received fair notice of the potential application of the unfairness standard under Section 5 to data security practices, rejecting Wyndham’s argument that it should receive notice of which specific cybersecurity practices are required to satisfy the Section 5 standard.  Finally, the court held that the FTC sufficiently alleged a “substantial injury” to consumers, as required under Section 5’s unfairness prong.  An analysis of the highlights of the Third Circuit’s opinion is available after the jump.
Continue Reading Third Circuit Upholds FTC’s Data Security Authority in FTC v. Wyndham

On Friday, March 27, 2015, the Federal Trade Commission and Wyndham Worldwide Corp. filed supplemental briefing in the Third Circuit regarding whether the FTC had made an adjudicative decision that the FTC Act prohibits unreasonable cybersecurity practices and, if not, whether a federal court could hear a case charging a
Continue Reading FTC and Wyndham Present Arguments on Whether FTC has Declared Unreasonable Cybersecurity Practices Unfair

Today, the U.S. Court of Appeals for the Third Circuit heard oral arguments in FTC v. Wyndham Worldwide Corp. The court focused on several themes: First, whether Congress has entrusted the FTC to define new unfair practices, whether the FTC has declared that unreasonable cybersecurity practices are unfair, and whether the FTC is asking the Third Circuit to declare that unreasonable cybersecurity practices are unfair in the first instance; second, the existence and enforcement of cybersecurity standards; and finally, what is proper jurisdiction under FTC Act Section 13(b).

Eugene Assaf argued for Wyndham Worldwide Corp., and Joel Marcus argued for the FTC. The judges on the panel are Thomas L. Ambro, Jane R. Roth and Anthony J. Scirica.Continue Reading Wyndham Oral Argument: Third Circuit Expresses Doubt About FTC’s Data Security Authority

On February 20, the Third Circuit sent a letter to counsel in FTC v. Wyndham Worldwide Corp., identifying at least one topic that will be addressed in the upcoming oral argument regarding the parties’ dispute over whether the FTC has the authority to regulate companies’ data security practices: whether
Continue Reading Wyndham: Third Circuit Requests Briefing on Whether FTC Declared Unreasonable Cybersecurity Practices Are ‘Unfair’

Earlier this week, U.S. District Court Judge Esther Salas directed the Federal Trade Commission (“FTC”) and Wyndham Hotels and Resorts to seek mediation to resolve their landmark dispute over whether the FTC has the authority to regulate companies’ data-security practices.  As we’ve previously reported, the FTC alleged that Wyndham
Continue Reading FTC and Wyndham to Mediate Dispute Over FTC Data-Security Authority

Last week, a federal judge in the District of New Jersey denied Wyndham Hotels and Resorts’ motion to dismiss the FTC’s complaint alleging Wyndham violated the FTC Act by failing to provide reasonable security for its customers’ personal information.  This Covington E-Alert provides a detailed look at the parties’ arguments

Continue Reading Breaking Down the Court’s Decision in FTC v. Wyndham Worldwide Corp.

Earlier today, in a long-awaited decision, Judge Salas of the District of New Jersey denied Wyndham Hotels and Resorts’ motion to dismiss a Federal Trade Commission (“FTC”) lawsuit alleging Wyndham violated Section 5 of the FTC Act by failing to provide “reasonable” security for the personal information of its customers. 

Continue Reading Judge Denies Wyndham’s Motion to Dismiss, Allowing FTC’s Case to Proceed

Today, the Federal Trade Commission is defending its authority to enforce Section 5 of the FTC Act against  Wyndham Hotels in connection with alleged lax data security procedures.  Following several publicized data security breaches, the FTC investigated Wyndham and concluded that the hotel company failed to employ “reasonable and appropriate&rdquo

Continue Reading The Wyndham Case is Being Argued Today: Why You Should Care