clock menu more-arrow no yes

Filed under:

The FTC can regulate companies with bad cybersecurity, court rules

The FTC will be able to continue regulating companies that put users at risk with bad cybersecurity, a US appeals court ruled today. Reuters reports that the Third Circuit Court of Appeals in Philadelphia decided the FTC has broad leeway to police companies' "unfair" practices, including failure to monitor security flaws that can lead to data breaches.

The ruling stems from a 2012 lawsuit by the FTC against Wyndham Worldwide Corp, which operates major hotel chains. After a string of three data breaches, the FTC argued that Wyndham's security practices had put customers at risk.

Wyndham said that the FTC had gone beyond its powers with the suit, but the company lost an attempt to halt the lawsuit in a lower court, according to Reuters. That decision, which allowed the case to go forward without making a decision on its merits, was upheld today in the 3–0 decision from the appeals court.