In a motion to dismiss that was denied in April 2014, Wyndham essentially argued that Congress never granted the FTC such broad authority to regulate in this area, and even if it did, the FTC has not provided businesses with fair notice of what data security practices it believes the FTC Act forbids or requires. A court decision in favor of Wyndham and limiting the FTC’s investigative and enforcement powers would have had a profound impact on data privacy and security law enforcement. But the court denied Wyndham’s motion and affirmed the FTC’s enforcement authority, including claims of inadequate data security. On December 9, 2015, Wyndham entered into a settlement agreement with the FTC that, among other things, requires the establishment of a comprehensive information security program designed to protect cardholder data that conforms to PCI-DSS, annual information security audits, and safeguards in connection with franchisee servers. The Wyndham obligations remain in effect for 20 years.

Unique Issues for Franchised or Fragmented Businesses. The Wyndham case also highlights the unique issues for franchised or licensing-based systems relative to legal compliance with data privacy and security laws. Computer systems that are fully integrated or that stand alone and that collect personal data may hold differing legal risks in the event of a data breach. These liability issues should be carefully considered when establishing the computer systems, data access, and the relevant agreements between the various parties. The 20-year FTC/Wyndham settlement agreement requires the company to conduct annual information security audits and maintain safeguards in connection with franchisee servers.

FTC Setback. Just weeks before the Wyndham settlement, the FTC lost a case it had brought against cancer screening laboratory LabMD. The laboratory had been accused of two data breaches when a company spreadsheet with sensitive personal information was found on a peer-to-peer network.
On November 13, 2015, after seven years of litigation, an