A U.S. appeals court has ruled the FTC can govern corporate cybersecurity. Citing a law established in 1914 allowing the FTC protect customers from unfair or deceptive trade practices, Circuit Judge Thomas Ambro said the agency can intervene when necessary.
The ruling comes as the FTC considers legal action against Wyndham Worldwide, a corporation that operates Days Inn, Howard Johnson, Ramada, Super 8 and Travelodge.
Between 2008 and 2009, hackers broke into Wyndham’s system and sniped credit card and personal info from some 619,000 customers.
The FTC sued Wyndham in 2012, accusing it of not safeguarding customer data. In this latest ruling, Judge Ambro said Wyndham failed to show its conduct “falls outside the plain meaning of ‘unfair’.”
The Judge also swatted away Wyndham’s assertion it lacked fair notice from the FTC its security methods were inadequate.
In his ruling, Ambro wrote “it invites the tart retort that, were Wyndham a supermarket, leaving so many banana peels all over the place that 619,000 customers fall hardly suggests it should be immune from liability.”