News and Announcements
  • USLAW NETWORK Foundation announces Foundation Partners program

    The USLAW NETWORK Foundation, the philanthropic division of USLAW NETWORK, is excited to announce its first group… Continue Reading

  • EVENTS

    It’s no secret – USLAW can host a great event. Throughout the year, we have a full… Continue Reading

For Law Firms
  • USLAW for Law Firms

    USLAW was founded in 2001 and has focused on delivering exceptional client service, trusted relationships and friendships… Continue Reading

For Clients and In-House Legal Decision Makers
  • USLAW for Clients and Legal Decision-Makers

    USLAW NETWORK provides legal decision-makers with access to attorneys who are highly knowledgeable and skilled in jurisdictions… Continue Reading

For Corporate Partners
  • USLAW for Corporate Partners

    USLAW NETWORK is supported by our family of corporate partners, each of whom provides a high-level expertise… Continue Reading

For Attorneys
  • USLAW for Attorneys

    USLAW NETWORK is a terrific business development, networking, and professional development organization for lawyers across a spectrum… Continue Reading

Featured
  • Trusts and Estates

    Trust and estate planning can be complicated, but strategic planning is vitally important in helping you minimize… Continue Reading

  • Insurance Law

    USLAW brings together more than 60 law firms with deep experience evaluating, assessing, and litigating insurance coverage… Continue Reading

Featured Resources
  • USLAW releases Spring 2024 issue of USLAW Magazine

    WHAT YOU'LL FIND IN THIS ISSUE In this issue of USLAW Magazine, we feature articles that delve… Continue Reading

  • State Judicial Profiles by County

    State Judicial Profiles by County Jurisdictional awareness of the court and juries on a county-by-county basis is… Continue Reading

USLAW Foundation News
  • Commitment to Diversity

    From the beginning of our organization, USLAW NETWORK has championed the cause of racial equality. We believe… Continue Reading

  • USLAW NETWORK Foundation announces Foundation Partners program

    The USLAW NETWORK Foundation, the philanthropic division of USLAW NETWORK, is excited to announce its first group… Continue Reading

Third Circuit Hears Oral Arguments on Challenge FTC’s Authority to Regulate Cybersecurity

POSTED MARCH 24, 2015

A special to USLAW NETWORK and USLAW DigiKnow

By Karen Painter Randall, Connell Foley LLP, Roseland, New Jersey

On March 3, 2015, a judicial panel from the U.S. Court of Appeals for the Third Circuit heard oral arguments regarding a challenge by Wyndham Worldwide Corp. (“Wyndham”) against the Federal Trade Commission’s (“FTC”) authority to regulate cybersecurity. In particular, Wyndham is seeking to have the court dismiss the FTC’s cybersecurity case against them, contending that Congress never gave the FTC the authority to regulate data privacy.

The case initially arose after a significant cyber-attack against the hotel company from 2008 – 2010, in which hackers stole data from hundreds of thousands of customer accounts, resulting in at least $10.6 million in fraudulent charges. Wyndham informed regulators and consumers about the attack and subsequently cooperated with an FTC investigation into the incident. Despite this cooperation, the FTC filed suit against Wyndham, alleging numerous failures and inadequacies in the company’s data security, including the failure to erect firewalls, use password protections and configure payment data securely. Moreover, the FTC is seeking an injunction requiring security improvements by Wyndham, and possible “other relief,” which could include financial restitution and refunds.

Previously, the FTC has brought cybersecurity actions relying on its authority under Section 5 of the Federal Trade Commission Act, 15 U.S.C §§ 41-58, as amended (the “Act”). Section 5 of the Act, the “unfairness prong,” provides the FTC with authority to prevent “unfair” and “deceptive” business practices in or affecting commerce. In its brief to Third Circuit, the FTC argues that inadequate cybersecurity “unreasonably exposes consumers to substantial injury they cannot reasonably avoid.” Furthermore, during oral argument, the FTC emphasized its belief that Congress clearly intended for the agency to broadly wield its “unfairness power” under the Act to encompass “every manner of consumer harm.”

However, during oral argument at least one of the circuit judges on the panel appeared to disagree with the FTC’s position stating that his reading of the relevant legislative history appeared to indicate that the FTC only has the ability to bring “routine fraud cases.” This appears to favor Wyndham, whose main argument has been that Congress never intended for the “unfairness prong” to reach practices that can only be considered negligent, but not necessarily fraudulent. Wyndham has also responded to the FTC’s contention of regulatory authority by arguing that a business cannot be deemed to have engaged in an “unfair” practice, whereas here, the business itself was the victim of criminal conduct by others.

Although the Third Circuit may be reluctant to endorse the commission’s long-running assertion that it has broad authority to regulate practices that it deems to be “unfair”, the district court below reached a different conclusion. In her opinion, Judge Salas strongly endorsed the FTC’s position holding: (1) Section 5 of the Act permitted the agency to regulate data security; (2) the agency had provided adequate notice of what constitutes reasonable data security standards; and (3) the FTC adequately pled a claim for either unfairness or deception under Section 5 of the Act.

Although most people assumed that the FTC would win on appeal, the recent argument before the Third Circuit has raised some doubt about the approach the FTC has been taking in its enforcement activities. Ultimately, this case may be setting the stage for the country’s highest court to weigh in.

Designed & Developed by Peak Seven