24 Mar FTC vs. Wyndham Worldwide Corporation Case Study
6445Read the Case Study at the end of Chapter 12 of the textbook and answer the following questions:
Comment on the authority and responsibility aspects of different legislations. What is the best way to give cybersecurity responsibility to an agency and yet have the authority to execute?
In situations like that of the FTC, what kind of regulations should be developed so as to oversee follow-through in cybersecurity cases?
As technology evolves, what should be done for the organizations to comply with the legislations?
Your report should be 2–3 pages in length and should be written in APA style
Let’s consider the case of Federal Trade Commission v. Wyndham Worldwide Corporation, a civil suit brought in the District of Arizona by the Federal Trade Commission (FTC). The case relates to a cybersecurity breach at Wyndham. The FTC sued the hospitality company and three of its subsidiaries because of data breaches where millions of dollars of fraudulent charges on consumer credit and debit cards were incurred. To understand why the case matters quite a bit, we need to step back and understand the role of FTC.
The FTC has two grounds on which it can bring a civil lawsuit. One is an allegation of deception—in other words an argument that some consumer service organization (like, say, Wyndham Hotels) had made representations to the consuming public that were false. As you may imagine, allegations of that sort are often very fact-specific and tied to particular circumstances.
The second ground for FTC enforcement is a broader one—that a company has engaged in “unfair” business practices—in other words, that a company “caused or [is] likely to cause substantial injury to consumers that consumers cannot reasonably avoid themselves and that is not outweighed by countervailing benefits to consumers or competition.”
The FTC suit against Wyndham is tied to a breach of Wydham’s computer systems by a Russian criminal organization that allegedly resulted in more than $10 million in fraud losses. It seeks a permanent injunction, directing Wyndham to fix its cybersystems so that they are more secure and unspecified damages.
The suit asserts two grounds for FTC jurisdiction. It first alleges that Wyndham’s privacy policy about how they will maintain the security of information about their customers is deceptive—in other words that Wyndham made cybersecurity promises it couldn’t keep. The suit also alleges that systematically Wyndham’s failure to provide adequate cybersecurity for the personally identifiable information of its customers is an unfair business practice.
This type of lawsuit by the FTC is not unusual. These legal theories have been the foundation, for example, of the FTC’s investigation of Google, Twitter, and HTC, and its investigation of data breaches at large consumer companies like Heartland. In almost all of these cases, the FTC deploys some combination of the argument that a company has misled the public about the nature of its cybersecurity (“deception”) or that it has failed to invest adequately in cybersecurity measures (“unfair practices”). Until now, all of these actions have resulted in out-of-court settlements, leaving the validity of the FTC’s legal theories untested.
FTC’s efforts are the only effective aspect of a federal program to compel the business community to adopt more stringent cybersecurity measures. While opinions are divided as to if the effects of FTC efforts are good or bad, it is indisputable that the outcome where companies are paying credence to the possibility of a lawsuit have increased. Since cybersecurity legislation is still to come in the future, and the administration’s executive order remains in development. The FTC is the only effective game in town.
But now—in the Wyndham case—the FTC’s authority is being questioned. As the Wall Street Journal reported, Wyndham is challenging the basic premise of the FTC’s suit, arguing that consumer protection statutes cannot be stretched to cover cybersecurity issues. Wyndham has argued that the lawsuit exceeds the FTC’s enforcement authority—a position supported by the Chamber of Commerce.
The principal evidence that the FTC may be acting beyond its authority is its own report from 2000, in which it asked Congress to expand its legal authority to consider security breaches as consumer-protection issues. Congress has never acted on that request, but the FTC has decided to proceed anyway. Indeed, as Wyndham notes, there are a host of more specific data-security laws already on the books (HIPAA; COPPA; Graham-Leach-Bliley; Fair Credit Reporting), suggesting that the FTC is acting beyond its remit as a regulatory authority.
Now, we can see why this is a significant matter. In the absence of comprehensive cybersecurity legislation and while we are waiting for the cybersecurity standards of the executive order to be developed, the only effective method for cybersecurity regulation by the government is to use the FTC’s enforcement authority. If, in the end, it turns out that the FTC lacks the authority it has been asserting, then the government will be without any real authority to compel cybersecurity improvements. Some will see that as a victory, and others will see that as a defeat, but either way it will be quite important. (Note: The Third Circuit eventually decided the case in favor of the FTC.) (Dhillon, 2017-11-17, pp. 307-308)
Dhillon, G. (2017-11-17). Information Security: Text and Cases, 2nd Edition [VitalSource Bookshelf version]. Retrieved from vbk://9781943153244
Our website has a team of professional writers who can help you write any of your homework. They will write your papers from scratch. We also have a team of editors just to make sure all papers are of HIGH QUALITY & PLAGIARISM FREE. To make an Order you only need to click Ask A Question and we will direct you to our Order Page at WriteDemy. Then fill Our Order Form with all your assignment instructions. Select your deadline and pay for your paper. You will get it few hours before your set deadline.
Fill in all the assignment paper details that are required in the order form with the standard information being the page count, deadline, academic level and type of paper. It is advisable to have this information at hand so that you can quickly fill in the necessary information needed in the form for the essay writer to be immediately assigned to your writing project. Make payment for the custom essay order to enable us to assign a suitable writer to your order. Payments are made through Paypal on a secured billing page. Finally, sit back and relax.
About Writedemy
We are a professional paper writing website. If you have searched a question and bumped into our website just know you are in the right place to get help in your coursework. We offer HIGH QUALITY & PLAGIARISM FREE Papers.
How It Works
To make an Order you only need to click on “Order Now” and we will direct you to our Order Page. Fill Our Order Form with all your assignment instructions. Select your deadline and pay for your paper. You will get it few hours before your set deadline.
Are there Discounts?
All new clients are eligible for 20% off in their first Order. Our payment method is safe and secure.