Last week, New Jersey was part of a groundbreaking case that may have a far reaching impact on businesses throughout the county. On April 7th, United States Judge Esther Salas of the New Jersey District Court released her decision on whether a lawsuit filed by the Federal Trade Commission (FTC) against Wyndham Worldwide Corporation would be dismissed. The lawsuit stemmed from data breaches that Wyndham suffered between April 2008 and January 2010. According to the FTC, Wyndham’s breaches were caused by the company failing to utilize basic security procedures. As a result, the FTC alleges that Wyndham violated Section 5 of the Federal Trade Act which prohibits unfair and deceptive practices. Wyndham challenged the FTC’s authority to bring an action for unfair and deceptive practices by arguing that the FTC lacked the power to regulate data security. Part of Wyndham’s argument was that the FTC itself had requested that Congress pass data-security legislation. Wyndham naturally wondered how the FTC could request Congress to provide it regulatory authority and then file a lawsuit without the same authority it sought from Congress. Ultimately, Judge Salas ruled in favor of the FTC and allowed the case against Wyndham to proceed. Judge Salas’s decision is likely to have significant consequences for companies that hold large amounts of consumer data. The Wyndham decision is a wake up call for companies to review their data security policies to ensure that their security protocols comply with industry best practices.
About the author: Andrew P. Bolson, Esq. is an attorney with Meyerson, Fox, Mancinelli & Conte, P.A. in Montvale, New Jersey. Andrew’s practice focuses on commercial and estate litigation, business law, real estate law, estate planning and privacy and Internet law.