FTC goes after a company that repeatedly lost customer data, company cries 'Foul!'
After the Wyndham Hotels suffered its third data breach in two years, the Federal Trade Commission filed a complaint against the company for not taking reasonable steps to protect its customers' data. As Forbes' Kashmir Hill reported in an August 21, 2014, article, the hotel chain asked the court to dismiss the case because the FTC lacked regulatory authority to oversee data security.
The court disagreed, as do most data-security analysts. The fact is, many companies do very little to prevent data breaches because there's no incentive for them to protect their customers' data. For example, TrendNET's IP video cameras are trivially easy for hackers to access, so the FTC recently required that the company improve the built-in security of the devices.
Companies such as Wyndham Hotels claim they lack guidelines from the FTC that would let them know the level of security they are expected to provide. The case indicates the need for federal legislation that standardizes data-security requirements for companies outside the medical and financial industries, which are already subject to federal regulations for data security. It also puts all organizations on notice that data security is a core requirement of all their products and services.
To which I say, "Hooray!" and "Hooray!" You go, FTC!