- Published Articles
- In the Press
- Press Releases
Sign Up for Alerts
Sign up to receive receive industry-specific emails from our legal team.
Sign Up for Alerts
We provide tailored, industry-specific legal updates to our clients and other friends of the firm.
Areas of Interest
July 7th, 2014
Can FTC Bring “Unfairness” Claims in Alleged Data Security Breach Cases?
That's the important question currently before a federal appeals court - a question with huge implications for advertisers and other custodians of sensitive customer data. How did the question arise?
In 2013, the FTC sued Wyndham Worldwide Corporation ("Wyndham") over security breaches of the Wyndham computer systems that allegedly leaked 619,000 customers' personal information, including payment card account numbers, expiration dates, and security codes. The FTC alleged that, after discovering two previous security breaches of its systems by outside hackers, Wyndham "failed to take appropriate steps in a reasonable time frame" to prevent a third compromise of its network, failed to employ reasonable and appropriate measures to protect consumers' personal information against unauthorized access, and that such failures constituted practices that were not only "deceptive" but also "unfair" under Section 5 of the FTC Act.
Wyndham moved to dismiss the FTC's complaint, but a federal trial court denied the motion. In her April 2014 decision, U.S. District Judge Esther Salas found, for the first time, that the FTC not only had authority to bring suits in the data security arena (despite the existence of specific data-security legislation enforced by other federal agencies), but that the FTC did not need to formally promulgate regulations before bringing an unfairness claim for data security breaches. This decision affirmed the FTC's power to pursue enforcement actions against private companies for their data security practices.
Although the trial court proceedings were not yet complete, Wyndham sought an interim review of the April decision. Such reviews - or "interlocutory" appeals - are rarely granted. However, in a victory for Wyndham, Judge Salas agreed to certify two of the case's questions to the U.S. Court of Appeals for the Third Circuit:
- Whether the Federal Trade Commission can bring an unfairness claim involving data security under Section 5 of the Federal Trade Commission Act, 15 U.S.C. § 45(a); and
- Whether the Federal Trade Commission must formally promulgate regulations before bringing its unfairness claim under Section 5 of the Federal Trade Commission Act, 15 U.S.C. § 45(a);
Essentially, this means that a federal appeals court will get a chance to review these particular questions, and to rule on them, before the broader case is ultimately decided by the trial court. In explaining her decision to allow for this unusual "midpoint" legal review, Salas emphasized the nationwide significance of the issues in this action, which she said would "indisputably affect consumers and businesses in a climate where we collectively struggle to maintain privacy while enjoying the benefits of the digital age."
We will keep you apprised of developments in the case as they unfold. If you have questions about data security, privacy , or other technology law issues, please contact S. Gregory Boyd at (212) 826 5581 or firstname.lastname@example.org, Hannah Taylor at (212) 705 4849 or email@example.com, or any other member of the Frankfurt Kurnit Technology, Digital Media and Privacy Group
Other Technology Law Alerts
Shields On: 9th Circuit Strengthens Legal Defense for Video Game Developers
There's good news for game developers who incorporate real-world elements in their games. On October 20, 2017, the Court of Appeals for the Ninth Circuit affirmed a trial court decision which found that Gran Turismo, a Sony video game, was an expressive work entitled to First Amendment protection
November 2 2017
FTC Settles First-Ever Action Against Individual “Influencers”
September 18 2017
No Harm, No Foul: Court Dismisses Biometric Data Privacy Class Action Against NBA 2K Games
Biometric data — from, e.g., retina, face and fingerprint scans — plays a big role in the current wave of new technology services. For example, biometrics provide security features for financial and healthcare products. But companies using or thinking of using biometric data have to comply with myriad privacy and data security laws and regulations, or face potential enforcement action and litigation.
February 16 2017