Wyndham, FTC Clash on Cybersecurity

The ability of the Federal Trade Commission to police cybersecurity practices at US companies drew fierce debate, with lawyers for hotelier Wyndham Worldwide arguing to a federal judge in New Jersey that the agency has no such authority.

Lawyers for Wyndham said Congress had never empowered the FTC to regulate the way companies keep and protect their data. Wyndham's lawyers also argued that the FTC had never published rules governing cybersecurity that would instruct companies on how to stay out of trouble. Lawyers for the FTC countered that they were fully empowered under part of the Federal Trade Commission Act, a broadly written law first enacted in 1914 that authorizes the commission to act against a company that harms consumers by taking unfair or deceptive action. The deception in this case, according to the FTC, is that consumers' data would be protected on Wyndham's networks.