Wyndham vs. FTC: Corporate security pros need to lawyer up about data breach protection, experts say

U.S. court ruling says FTC does have the authority to punish businesses over stolen customer data

FTC website
Gil C / Shutterstock.com

Corporate security executives need to meet with their legal teams to find out whether the way they protect customer data will keep them out of trouble with the Federal Trade Commission should that information be compromised in a data breach.

Based on a U.S. Circuit Court of Appeals decision yesterday, the best course of action is to learn what kinds of actions the FTC has taken in the past – and why - against companies whose defenses are cracked and whose customer data is stolen.

Lisa Sotto

Lisa Sotto

Then organizations should take steps to make sure security meets “reasonable industry standards,” says Lisa Sotto, an attorney with Hunton & Williams who focuses on privacy and cybersecurity law.

That’s because the court says it’s OK for the FTC to find businesses at fault for data breaches and to tie them up with consent decrees that force them to submit to third-party security assessments every two years for 20 years, she says.


Copyright © 2015 IDG Communications, Inc.

7 hot cybersecurity trends (and 2 going cold)