Senior Communications Manager
Kirk Nahra Comments on the FTC’s Authority to Oversee Cybersecurity After Wyndham Ruling
Kirk J. Nahra, chair of Wiley Rein’s Privacy Practice and co-chair of the Health Care Practice, was quoted in an April 14 article published in the Bloomberg BNA’s Privacy & Data Security Law Resource Center about the outcome of a court ruling that said the Federal Trade Commission (FTC) has the authority to bring an enforcement action against Wyndham Worldwide Corp. for allegedly poor data-security standards.
The FTC brought suit against Wyndham after the company’s information systems were breached, resulting in $10.6 million in losses to credit card fraud, according to the article. The April 7 court ruling cemented the FTC’s authority to use the unfair trade practices provision of the FTC Act against companies with allegedly lax data-security practices.
The ruling will “permit the FTC to continue the reasonably aggressive enforcement approach they have pursued for a decade in more than 50 cases,” Mr. Nahra said. Additionally, the ruling will “perhaps embolden them to be more aggressive now that their authority has been supported thoroughly and completely by the court.”
Before the ruling, the FTC had asked Congress to pass legislation that would give it explicit power to regulate data-security practices. “This decision will reduce pressure on Congress to pass data security legislation,” Mr. Nahra said.