Today, a ruling was issued in FTC v. Wyndham Worldwide Corp. The court denied Wyndham's motion to dismiss, rejecting its argument that the Federal Trade Commission does not have authority under Section 5 of the FTC Act to regulate data security practices across all industries.
The U.S. District Court for the District of New Jersey declined to carve out a data-security exception to the FTC's broad regulatory authority under Section 5. It also refused to require the FTC to promulgate data security regulations before bringing "unfairness" claims against companies based on their data security practices, noting that previous enforcement actions "'constitute a body of experience and informed judgment to which courts and litigants may properly resort for guidance.'"
U.S. District Judge Esther Salas made clear that "this decision does not give the FTC a blank check to sustain a lawsuit against every business that has been hacked." However, the ruling disposes of the only viable challenge to the FTC's authority to regulate data security practices.
FTC Chairwoman Edith Ramirez issued a statement on the ruling via Twitter:
Pleased the court recognized @FTC’s authority to hold biz accountable for safeguarding consumer data & look forward to trying this case.
— Edith Ramirez (@EdithRamirezFTC) April 7, 2014
Biz should take reasonable steps to secure sensitive consumer info. When they don't, the @FTC will take action on behalf of consumers.
— Edith Ramirez (@EdithRamirezFTC) April 7, 2014
I wrote about the Wyndham litigation in a previous post. I look forward to further analyzing Judge Salas' ruling in a future post.