FTC-Wyndham Court Decisions Make Cybersecurity More Litigiou$

The latest story from Ars Technica:

http://arstechnica.com/tech-policy/2015/08/ftc-can-sue-companies-with-poor-information-security-appeals-court-says/

Builds on the previous post: http://oversitesentry.com/courts-uphold-ftc-regulation-punishment-to-negligent-company/

Higher regulation –> higher lawsuit fees –>  More costs to a breach.

Wyndham had ineffective cybersecurity, and the FTC ruled that it was negligent in its IT practices. But Wyndham thought it could sue the FTC, since Wyndham thought the FTC was pushing its boundaries as far as consumer protection goes.

 

But what Wyndham did not realize is that this was another case that builds on others in the courts that are part of the FTC regulating companies’ faulty cybersecurity practices. And now that over 100 cases are in the books, the FTC has case law on its side.

The crux of the FTC argument:

The FTC argued that “taken together, [Wyndham] unreasonably and unnecessarily exposed consumers’ personal data to unauthorized access and theft.”

 

The appeals court ruling, with the latest news reports, has finalized this ruling by the FTC.

 

So why am I spending time to discuss this again? Because what was a maybe before the appeals court ruling ensures more of these regulations and FTC rulings.

And see in this story, http://thehill.com/policy/cybersecurity/252217-court-rules-leads-to-fears-of-ftc-litigation-on-cybersecurity:

The FTC has brought more than 50 suits against companies over lax cybersecurity, most of which have resulted in settlements.

This post is just an FYI –

[Image: FTC logo]

I picked that logo because it looks like the FTC is taking it upon itself to enlarge its mandate, not just the traditional:

“The Bureau of Consumer Protection’s mandate is to protect consumers against unfair or deceptive acts or practices in commerce.” Now the unfair or deceptive acts include running computers that are not secure.

The more we understand this now-additional risk calculus within our risk analysis, the better we can do our cybersecurity jobs.

 

So now if you have a hacked computer and credit card numbers are stolen, the customer will be upset at you, the FTC will fine you, and the PCI (Payment Card Industry) will audit you. The fines and potential downside of a breach have just increased.

Who wins? The lawyers, of course…
