Administrative Law - Federal Trade Commission Act - Third Circuit Finds FTC Has Authority to Regulate Data Security and Company Had Fair Notice of Potential Liability

Harvard Law Review, February 2016 | Go to article overview

Administrative Law - Federal Trade Commission Act - Third Circuit Finds FTC Has Authority to Regulate Data Security and Company Had Fair Notice of Potential Liability


ADMINISTRATIVE LAW--FEDERAL TRADE COMMISSION ACT--THIRD CIRCUIT FINDS FTC HAS AUTHORITY TO REGULATE DATA SECURITY AND COMPANY HAD FAIR NOTICE OF POTENTIAL LIABILITY.--FTC v. Wyndham Worldwide Corp., 799 F.3d 236 (3d Cir. 2015).

Many statutes authorizing regulation by executive agencies were written long before modern computer technology was invented, and even longer before hackers began exploiting weaknesses to access personal information. In the last decade, the Federal Trade Commission (FTC) has started to police companies for exposing the data they collect from consumers to the threat of breach. The Commission has primarily based this enforcement on the FTC Act (1) (FTCA), which in 15 U.S.C. [section] 45(a) prohibits "unfair ... practices in or affecting commerce. (2) This language has left the Commission vulnerable to challenge based on its scope of authority. Recently, in FTC v. Wyndham Worldwide Corp., (3) the Third Circuit held that certain data security practices could be considered "unfair" under [section] 45(a), and that the relevant provision provided Wyndham fair notice that its practices opened it up to liability. Based on the procedural posture and facts of the case, the court correctly determined that Wyndham had fair notice of its potential liability under the statute. But the court's statutory fair notice analysis illustrated a tension between effective FTC regulation of data security practices and constitutional notice requirements. Future courts facing more difficult factual circumstances will likely have to grapple with this tension in a way the Third Circuit was able to avoid.

Wyndham Worldwide, a hospitality company that franchises and manages hotels, used a property management system that processed consumer information, including names, addresses, contact information, and credit card information. (4) In 2008 and 2009, Wyndham's network and property management systems were hacked three times. (5) Hackers allegedly accessed unencrypted information for over 619,000 accounts, resulting in approximately $10.6 million in fraud loss. (6)

The FTC filed suit against Wyndham in the U.S. District Court for the District of Arizona in June 2012, claiming that the hacks were the result of unfair and deceptive practices in violation of [section] 45(a). (8) At Wyndham's request the case was transferred to the U.S. District Court for the District of New Jersey, and Wyndham filed a Rule 12(b)(6) motion to dismiss. (9) Wyndham asserted three claims: the FTC did not have authority to bring a data security unfairness claim, violated fair notice principles by bringing an unfairness claim without first promulgating formal regulations, and insufficiently pleaded its unfairness and deception claims. (10)

The district court denied the motion to dismiss. (11) In response to Wyndham's first claim, the court held that FTC authority over data security could "coexist with the existing data security regulatory scheme" (12) and was not, as Wyndham argued, analogous to the FDA's claim of authority over tobacco rejected in FDA v. Brown & Williamson Tobacco Corp. (13) As to Wyndham's second claim, the court noted that agencies generally have the discretion to regulate through adjudication or rulemaking as they see fit. (14) Although the court acknowledged the parties' dispute over the applicable standard of review, (15) it focused instead on the ability of the FTC's public statements, guidance documents, and complaints and consent decrees to provide notice. (16) Moreover, "a statutorily-defined standard exist[ed] for asserting an unfairness claim" (17)--[section] 45 requires that a practice satisfy a particular cost-benefit balancing test to be declared "unfair." (18) The court also held the FTC did not need to formally promulgate rules because the proscriptions in [section] 45 are purposefully flexible. (19) It also denied Wyndham's third claim, finding that the agency had adequately alleged substantial consumer injury that was not reasonably avoidable by the consumers themselves. …

The rest of this article is only available to active members of Questia

Already a member? Log in now.

Notes for this article

Add a new note
If you are trying to select text to create highlights or citations, remember that you must now click or tap on the first word, and then click or tap on the last word.
One moment ...
Default project is now your active project.
Project items
Notes
Cite this article

Cited article

Style
Citations are available only to our active members.
Buy instant access to cite pages or passages in MLA 8, MLA 7, APA and Chicago citation styles.

(Einhorn, 1992, p. 25)

(Einhorn 25)

(Einhorn 25)

1. Lois J. Einhorn, Abraham Lincoln, the Orator: Penetrating the Lincoln Legend (Westport, CT: Greenwood Press, 1992), 25, http://www.questia.com/read/27419298.

Note: primary sources have slightly different requirements for citation. Please see these guidelines for more information.

Cited article

Administrative Law - Federal Trade Commission Act - Third Circuit Finds FTC Has Authority to Regulate Data Security and Company Had Fair Notice of Potential Liability
Settings

Settings

Typeface
Text size Smaller Larger Reset View mode
Search within

Search within this article

Look up

Look up a word

  • Dictionary
  • Thesaurus
Please submit a word or phrase above.
Print this page

Print this page

Why can't I print more than one page at a time?

Help
Full screen
Items saved from this article
  • Highlights & Notes
  • Citations
Some of your highlights are legacy items.

Highlights saved before July 30, 2012 will not be displayed on their respective source pages.

You can easily re-create the highlights by opening the book page or article, selecting the text, and clicking “Highlight.”

matching results for page

    Questia reader help

    How to highlight and cite specific passages

    1. Click or tap the first word you want to select.
    2. Click or tap the last word you want to select, and you’ll see everything in between get selected.
    3. You’ll then get a menu of options like creating a highlight or a citation from that passage of text.

    OK, got it!

    Cited passage

    Style
    Citations are available only to our active members.
    Buy instant access to cite pages or passages in MLA 8, MLA 7, APA and Chicago citation styles.

    "Portraying himself as an honest, ordinary person helped Lincoln identify with his audiences." (Einhorn, 1992, p. 25).

    "Portraying himself as an honest, ordinary person helped Lincoln identify with his audiences." (Einhorn 25)

    "Portraying himself as an honest, ordinary person helped Lincoln identify with his audiences." (Einhorn 25)

    "Portraying himself as an honest, ordinary person helped Lincoln identify with his audiences."1

    1. Lois J. Einhorn, Abraham Lincoln, the Orator: Penetrating the Lincoln Legend (Westport, CT: Greenwood Press, 1992), 25, http://www.questia.com/read/27419298.

    Cited passage

    Thanks for trying Questia!

    Please continue trying out our research tools, but please note, full functionality is available only to our active members.

    Your work will be lost once you leave this Web page.

    Buy instant access to save your work.

    Already a member? Log in now.

    Search by... Author
    Show... All Results Primary Sources Peer-reviewed

    Oops!

    An unknown error has occurred. Please click the button below to reload the page. If the problem persists, please try again in a little while.