Wyndham case confirms data security is a default not an option
1 October 2015
After a series of cyber-attacks in 2008 and 2009 which caused customers of Wyndham Worldwide Hotels to have their credit card details and personal information unlawfully obtained and in some cases to then receive ransom demands, complaints were made to the company which delayed in responding to them and ultimately the matter was passed to the Federal Trade Commission (FTC).
The FTC held Wyndham Worldwide liable for failing to implement “reasonable protections”.
Wyndham brought proceedings in the Courts against the FTC claiming that they had no authority to adjudicate on the level of cyber security that Wyndham had or had not in place.
In the Third Circuit decision on 24th August 2015 the Federal Court reaffirmed the power of the FTC to enforce against Wyndham claiming that Wyndham had committed “unfair or deceptive acts or practices by failing to implement adequate cyber security”.
Edith Ramirez, the FTC Chairperson recently stated that the decision of the Federal Court “reaffirms the FTC’s authority to hold companies accountable for failing to safeguard consumer data.”
Data security is now a default and not an option!
This article was written by Robert Bond. For more information please contact Robert on +44 (0)20 7427 6660 or at firstname.lastname@example.org