Court Upholds Decision on Authority of FTC in Data Security Cases

The U.S. Court of Appeals for the Third Circuit reaffirmed a federal district court ruling that preserves the Federal Trade Commission’s authority to take action against companies that fail to protect consumer information on Monday.

In June 2012, the FTC filed suit against global hospitality company Wyndham Worldwide Corporation and three of its subsidiaries for alleged data security failures that led to three data breaches at Wyndham hotels in less than two years. The FTC alleged that these failures led to fraudulent charges on consumers’ accounts, millions of dollars in fraud loss, and the export of hundreds of thousands of consumers’ payment card account information to an Internet domain address registered in Russia, according to a FTC news release.

In 2014, the United States District Court District of New Jersey denied a motion to dismiss the case from Wyndham.

“Today’s Third Circuit Court of Appeals decision reaffirms the FTC’s authority to hold companies accountable for failing to safeguard consumer data,” said FTC Chairwoman Edith Ramirez in the news release. “It is not only appropriate, but critical, that the FTC has the ability to take action on behalf of consumers when companies fail to take reasonable steps to secure sensitive consumer information.”

According to the FTC, it can file charges under Section 5 of the FTC Act, which bars unfair and deceptive acts and practices in or affecting commerce. In addition to the FTC Act, the agency also enforces other federal laws relating to consumers’ privacy and security.

ACA International has resources for companies to learn about keeping their data security measures up-to-date.

Data security is essential for companies of all sizes and over the years credit and collection industry members have had to come to grips with data security, ACA International recently reported in the August issue of Collector magazine.