In what many are calling an important ruling, a federal court in New Jersey has shot down a challenge to the Federal Trade Commission (FTC) by Wyndham Hotels. In a motion to dismiss, Wyndham argued the FTC overstepped its authority by suing the company for poor data security practices. The ruling by U.S. District Court Judge Esther Salas, however, denied the hotel chain’s argument, saying the case can move forward. Salas noted her ruling “does not give the FTC a blank check to sustain a lawsuit against every business that has been hacked” but added there is “binding and persuasive precedent” upholding the FTC’s authority. FTC Chairwoman Edith Ramirez and Commissioner Julie Brill took to Twitter to applaud the court ruling.
Pleased the court recognized @FTC’s authority to hold biz accountable for safeguarding consumer data & look forward to trying this case. — Edith Ramirez (@EdithRamirezFTC) April 7, 2014
FTC defeats Wyndham's motion to dismiss, vindicating our efforts to ensure businesses take reasonable steps to secure consumers' data. — JulieBrillFTC (@JulieBrillFTC) April 7, 2014
I'm pleased Judge Salas of NJ federal court court recognized FTC's authority to hold biz accountable for safeguarding consumer data. — JulieBrillFTC (@JulieBrillFTC) April 7, 2014
Though the ruling is certainly a victory for the agency, the FTC will still have to prove its charges as the case proceeds. NationalJournal reports Wyndham’s Michael Valentino said, “We continue to believe the FTC lacks authority to pursue this type of case against American businesses, and has failed to publish any regulations that would give such businesses fair notice of any proposed standards for data security,” adding, “We intend to defend our position vigorously.” On Hogan Lovells’ Chronicle of Data Protection blog, Harriet Pearson, CIPP/US, and Bret Cohen wrote, “Although (the decision) only represents one district court’s findings on the issue, and was not a complete surprise given some of the judge’s statements during oral argument, the decision means that the (FTC) for now maintains its status as the lead commercial data security regulator in the United States.” Additionally, they add, “In effect, this ruling gives a judicial stamp of approval to the FTC’s ongoing enforcement of commercial data security practices.” In another blog post entitled, “One of the Most Important Data Security Cases Was Just Decided: FTC v. Wyndham,” George Washington Law Prof. Daniel Solove writes, “Where do things go from here? The FTC can continue on its current trajectory. Perhaps it will be emboldened by this victory … But for now, the FTC has won a big battle and has done so with a decisive victory.”