Appeals Courts Upholds FTC’s Cybersecurity Oversight

August 26, 2015 – In The News
Corporate Counsel

Scott L. Vernick was quoted in the Corporate Counsel article, “Appeals Courts Upholds FTC's Cybersecurity Oversight.” Full text can be found in the August 26, 2015, issue, but a synopsis is below.

The U.S. Court of Appeals for the Third Circuit has ruled that the Federal Trade Commission (FTC) can move forward with a lawsuit against Wyndham Worldwide Corp. for three breaches in which more than 600,000 credit- and debit-card numbers were stolen by hackers.

The case alleges the hotel chain violated Section 5 of the FTC Act by misrepresenting the security measures it takes to protect customers’ personal information.

“What this case clarifies is that the FTC can come after you under the ‘deceptive’ and the ‘unfair’ prongs of the Act,” said Scott Vernick, a noted privacy attorney.

While Vernick says the ruling didn’t really break new ground legally since the FTC has been targeting companies for cybersecurity shortcomings for a while, the case is important in that it reaffirms the commission’s legal right to do so.

The Wyndham case serves as a reminder that companies should ensure that policies about consumer data privacy and the security of networks match the actual strength of security systems and the amount the company invests in data security.

“I think the FTC carefully picks and chooses which companies it goes after,” Vernick said. “If you’re saying one thing to the public and doing another, you are painting a target on your back.”

Click here to view the full article.