The FTC recently entered into a Consent Order last week with Wyndham Hotels and Resorts resolving the FTC’s allegations that Wyndham did not do enough to prevent its customer’s credit card data from three data breaches that occurred in 2008 and 2009. The Consent Order comes on the heels of the Third Circuit’s opinion in the case in which the court held that the FTC has an authority to hold companies accountable for failing to safeguard consumer data. See Federal Trade Commission v. Wyndham Worldwide Corp., 799 F. 3d 236 (3rd Cir. 2015).
Specifically, the Complaint alleges that:
Specifically, the FTC’s complaint alleges that on three separate occasions in 2008 and 2009 hackers gained access to Wyndham’s network and property management systems and obtained unencrypted information on over 619,000 consumers. The complaint alleges that Wyndham participated in deceptive and unfair acts or practices related to their data security by failing to address the weaknesses of its cyber security systems that had led to prior attacks.
The Consent Order, which will remain in effect for twenty years, requires Wyndham, among other things:
Businesses which store private personal information should take note of the FTC Consent Order and take the following lessons to heart:
Caren Enloe leads Smith Debnam’ s consumer financial services litigation and compliance group. In her practice, she defends consumer financial service providers and members of the collection industry in state and federal court, as well as in regulatory matters involving a variety of consumer protection laws. Caren also advises fintech companies, law firms, and collection agencies regarding an array of consumer finance issues. An active writer and speaker, Caren currently serves as chair of the Debt Collection Practices and Bankruptcy subcommittee for the American Bar Association’s Consumer Financial Services Committee. She is also a member of the Defense Bar for the National Creditors Bar Association, the North Carolina State Chair for ACA International’s Member Attorney Program and a member of the Bank Counsel Committee of the North Carolina Bankers Association. Most recently, she was elected to the Governing Committee for the Conference on Consumer Finance Law. In 2018, Caren was named one of the “20 Most Powerful Women in Collections” by Collection Advisor, a national trade publication. Caren oversees a blog titled: Consumer Financial Services Litigation and Compliance dedicated to consumer financial services and has been published in a number of publications including the Journal of Taxation and Regulation of Financial Institutions, California State Bar Business Law News, Banking and Financial Services Policy Report and Carolina Banker....LEARN MORE