FTC v. Wyndham Worldwide Corp.
United States Court of Appeals for the Third Circuit
March 3, 2015, Argued; August 24, 2015, Opinion Filed
[*240] OPINION OF THE COURT
AMBRO, Circuit Judge
The Federal Trade Commission Act prohibits "unfair or deceptive acts or practices in or affecting commerce." 15 U.S.C. § 45(a). In 2005 the Federal Trade Commission began bringing administrative actions under this provision against companies with allegedly deficient cybersecurity that failed to protect consumer data against hackers. The vast majority of these cases have ended in settlement.
A. Wyndham's Cybersecurity
Wyndham Worldwide is a hospitality company that franchises and manages hotels and sells timeshares through three subsidiaries. Wyndham licensed its brand name to approximately 90 independently owned hotels. Each Wyndham-branded hotel has a property management system that processes consumer information that includes names, home addresses, email addresses, telephone numbers, payment card account numbers, expiration dates, and security codes. Wyndham "manage[s]" these systems and requires the hotels to "purchase and configure" them to its own specifications. Compl. at ¶ 15, 17. It also operates a computer network in Phoenix, Arizona, that connects its data center with the property [**5] management systems of each of the Wyndham-branded hotels.
The FTC alleges that, at least since April 2008, Wyndham engaged in unfair cybersecurity practices that, "taken together, unreasonably and unnecessarily exposed consumers' personal data to unauthorized access and theft." Id. at ¶ 24. This claim is fleshed out as follows.Read The Full CaseNot a Lexis Advance subscriber? Try it out for free.
Full case includes Shepard's, Headnotes, Legal Analytics from Lex Machina, and more.
799 F.3d 236 *; 2015 U.S. App. LEXIS 14839 **; 2015-2 Trade Cas. (CCH) P79,269
FEDERAL TRADE COMMISSION v. WYNDHAM WORLDWIDE CORPORATION, a Delaware Corporation WYNDHAM HOTEL GROUP, LLC, a Delaware limited liability company; WYNDHAM HOTELS AND RESORTS, LLC, a Delaware limited liability company; WYNDHAM HOTEL MANAGEMENT INCORPORATED, a Delaware Corporation, Wyndham Hotels and Resorts, LLC, Appellant
Prior History: [**1] On Appeal from the United States District Court for the District of New Jersey. (D.C. Civil Action No. 2-13-cv-01887). District Judge: Honorable Esther Salas.
FTC v. Wyndham Worldwide Corp., 10 F. Supp. 3d 602, 2014 U.S. Dist. LEXIS 47622 (D.N.J., 2014)
Disposition: Judgment affirmed.
unfair, consumers, cybersecurity, practices, network, fair notice, regulations, hotels, deference, hackers, notice, deceptive, privacy, allegations, property management, complaints, passwords, policy statement, courts, connect, meaning of the statute, unfair practice, first instance, ascertainable, customers, firewall, attacks, cases, agency's interpretation, personal information
Civil Procedure, Appeals, Standards of Review, De Novo Review, Defenses, Demurrers & Objections, Motions to Dismiss, Failure to State Claim, Banking Law, Federal Acts, Federal Trade Commission Act, Unfair Competition & Practices, Scope & Enforcement, Constitutional Law, Fundamental Rights, Procedural Due Process, Scope of Protection, Administrative Law, Judicial Review, Deference to Agency Statutory Interpretation, Constitutional Right, Governments, Legislation, Interpretation