This article was published on August 24, 2015

Judge rules FTC has the authority to govern corporate cybersecurity


Judge rules FTC has the authority to govern corporate cybersecurity

A U.S. appeals court has ruled the FTC can govern corporate cybersecurity. Citing a law established in 1914 allowing the FTC protect customers from unfair or deceptive trade practices, Circuit Judge Thomas Ambro said the agency can intervene when necessary.

The ruling comes as the FTC considers legal action against Wyndham Worldwide, a corporation that operates Days Inn, Howard Johnson, Ramada, Super 8 and Travelodge.

Between 2008 and 2009, hackers broke into Wyndham’s system and sniped credit card and personal info from some 619,000 customers.

The FTC sued Wyndham in 2012, accusing it of not safeguarding customer data. In this latest ruling, Judge Ambro said Wyndham failed to show its conduct “falls outside the plain meaning of ‘unfair’.”

The <3 of EU tech

The latest rumblings from the EU tech scene, a story from our wise ol' founder Boris, and some questionable AI art. It's free, every week, in your inbox. Sign up now!

The Judge also swatted away Wyndham’s assertion it lacked fair notice from the FTC its security methods were inadequate.

In his ruling, Ambro wrote “it invites the tart retort that, were Wyndham a supermarket, leaving so many banana peels all over the place that 619,000 customers fall hardly suggests it should be immune from liability.”

FTC has authority to police cybersecurity: U.S. appeals court [Reuters]

Get the TNW newsletter

Get the most important tech news in your inbox each week.