Case Summary
**Case Summary: FTC v. Wyndham Worldwide Corp., et al.**
**Docket Number:** 2638782
**Court:** United States District Court for the District of New Jersey
**Date:** Filed on June 26, 2012
**Parties Involved:**
- Plaintiff: Federal Trade Commission (FTC)
- Defendants: Wyndham Worldwide Corporation, Wyndham Hotel Group, LLC, and related entities.
**Background:**
The case arose from the Federal Trade Commission's investigation into Wyndham Worldwide Corporation's data security practices following a series of cyberattacks that resulted in unauthorized access to customer payment card information. The FTC alleged that these breaches were a result of deficient data security practices employed by Wyndham.
**Allegations:**
The FTC's complaint asserted that Wyndham had engaged in unfair and deceptive acts and practices in violation of Section 5 of the FTC Act. Key allegations included:
- Failure to implement reasonable security measures to protect consumer data that led to multiple data breaches.
- Storage of sensitive customer information without adequate safeguards.
- Poor system configurations, including the use of easily guessed passwords and lack of encryption.
**Legal Issues:**
The primary legal issues involved whether the FTC had the authority to regulate data security practices under its unfair or deceptive acts and practices authority and whether Wyndham’s practices constituted a violation of this authority.
**Court Rulings:**
In a notable ruling in early 2014, the U.S. District Court denied Wyndham's motion to dismiss the FTC’s complaint, allowing the case to proceed. The court established that the FTC could pursue enforcement actions against companies for failing to implement adequate data security measures.
**Resolution:**
The case ultimately reached a settlement in 2015. As part of the settlement, Wyndham agreed to implement comprehensive data security programs. Additionally, the company had to undergo regular assessments by an independent third party for 20 years to ensure compliance with data security requirements.
**Significance:**
The case is significant as it underscores the FTC's authority in enforcing data security standards and set a precedent for how companies must manage consumer data. It highlights the FTC's role in protecting consumer privacy in the face of increasingly common data breaches and cyber threats, establishing that companies could be held liable for failing to adequately secure sensitive customer information.
**Conclusion:**
FTC v. Wyndham Worldwide Corp. exemplifies the legal ramifications of inadequate data security measures and the evolving landscape of consumer protection laws concerning digital data. It marks a pivotal point in the FTC's regulatory approach to data security and privacy, reinforcing the importance of safeguarding consumer information in the business sector.