On December 9, 2015, the Federal Trade Commission (FTC), with the agreement of Wyndham Hotels and Resorts (“Wyndham”), filed a stipulated order for injunction (“Consent Order”) in the U.S. District Court for the District of New Jersey to resolve the high-profile litigation concerning the hotel chain’s protection of consumers’ financial information. The Consent Order is expected to be entered by U.S. District Judge Esther Salas without much delay.
As we described in an earlier Client Alert, on August 24, 2015, the Third Circuit Court of Appeals issued a much-awaited decision in the case,1 holding that the FTC has authority to regulate “unfair” or “deceptive” cybersecurity practices under Section 5 of the Federal Trade Commission Act, 15 U.S.C. § 45(a). Wyndham’s appeal was the most significant challenge to the FTC’s cybersecurity authority to date, and the Third Circuit’s decision, followed by a stipulated injunction against Wyndham, confirms the FTC’s role as a leading cybersecurity regulator. With Wyndham’s legal challenges behind it, the FTC may step up its enforcement activities, both independently and in collaboration with the Federal Communications Commission (FCC), which has recently emerged as another significant cybersecurity regulator.
Please see full publication below for more information.