Earlier this week, U.S. District Court Judge Esther Salas directed the Federal Trade Commission (“FTC”) and Wyndham Hotels and Resorts to seek mediation to resolve their landmark dispute over whether the FTC has the authority to regulate companies’ data-security practices.  As we’ve previously reported, the FTC alleged that Wyndham violated Section 5 of the FTC Act’s prohibition against “unfair practices” by failing to provide “reasonable” security for the personal information of its customers.  Although the FTC has settled complaints relying on this broad interpretation of its unfairness authority, this case was closely watched because it was the first time a court had the opportunity to weigh in on the scope of that authority in the privacy and data-security context.

Although not necessarily unprecedented, the mediation order has been cited by some as unusual because the case presents a legal question underpinning a major enforcement and policy priority for the FTC.  To the extent, however, that parties traditionally are required to mediate in order to “conserve [judicial] resources,” as was stated in Judge Salas’s order, mediation may help narrow or further focus the dispute.

Following Judge Salas’s earlier denial of Wyndham’s motion to dismiss, in which she rejected each of Wyndham’s challenges to the FTC’s authority, the U.S. Court of Appeals for the Third Circuit agreed to consider the issue on interlocutory review.  Therefore, while the order for mediation stays the proceedings in district court, the legal question at issue remains pending before the circuit court.