A recent appeals court ruling puts more power in the hands of the Federal Trade Commission when it comes to policing corporate cybersecurity.
The ruling, by the Third U.S. Circuit Court of Appeals in Philadelphia, will allow the FTC to move forward with a lawsuit against Wyndham Worldwide Corp. in which it alleges the hotel chain was responsible for three breaches between 2000-2010 where hackers allegedly stole hundreds of thousands of credit and debit card numbers, according to the Wall Street Journal.
That ruling now puts more power in the hands of the FTC and other agencies to sue companies that don't provide protections against theft of online data.
The decision is a "watershed event," Scott Vernick, who handles data security and privacy matters at law firm Fox Rothschild LLP, told the WSJ. It has solidified the FTC's role as a cybersecurity cop, according to the article.
The ruling may have far-reaching consequences for the healthcare industry, which is frequently targeted by hackers.
Before the ruling was made, Wyndham called the FTC's lawsuit government overreach, according to WSJ.
That's not the first time the FTC has been questioned in regard to security oversight. In July 2014, members of the House Committee on Oversight and Government Reform questioned its health data and cybersecurity authority.
That came a couple months after a report from the FTC that said Congress needed to force data brokers to be more transparent about how they use the personal information of consumers--including health information.
To learn more:
- here's the article
- check out the ruling (.pdf)