FTC Interpreted to be Cyber Security Police

Today, August 24, 2015, in a long-anticipated decision, the Third Circuit has interpreted the enforcement authority of the Federal Trade Commission under the Federal Trade Commission Act to include cyber security deficiencies as “unfair” acts or practices in or affecting commerce.  The Third Circuit affirmed the District Court’s denial of a motion to dismiss in the Wyndham Worldwide Corporation case in which the FTC filed suit under Section 45(a) of the FTC Act in relation to a series of breaches during 2008 and 2009 that disclosed consumer data and resulted in over $10.6 million in fraudulent charges. Note that this holding as to the FTC’s enforcement authority is limited to the Third Circuit.  Section 45(a) is still subject to challenges in other jurisdictions, which may be more willing to agree with Wyndham that the FTC’s current interpretation of its authority is inconsistent with the FTC’s repeated efforts to obtain from Congress the very authority it purports to wield here.  You can read the Third Circuit opinion here.