Data security is big news. And so is the Federal Trade Commission (“FTC”). Put the two together in a crucible of litigation, and it is sure to be a blockbuster. That is what the closely-watched case FTC v. Wyndham, now pending before the Third Circuit Court of Appeals, is shaping up to be.

The case, in which oral arguments were heard earlier this month, has its beginnings in 2012 when the FTC filed a complaint against Wyndham hotel companies (“Wyndham”) alleging a failure to maintain reasonable data security. Section 5 of the Federal Trade Commission Act endows the FTC with authority to police “unfair or deceptive acts or practices in or affecting commerce.” Specifically, the FTC alleged that Wyndham’s data security failures resulted in three instances of unauthorized access to Wyndham’s computer network containing sensitive consumer information. The FTC has been active in the data security arena for a number of years now, but Wyndham was the first to challenge its authority.

Wyndham moved to dismiss the complaint arguing that, among other things, the FTC lacked authority to assert an unfairness claim in the data-security context. Wyndham argued the FTC’s enforcement action amounted to the electronic equivalent of punishing a brick-and-mortar store for being robbed. But, the District of New Jersey disagreed, finding nothing precluded the FTC’s Section 5 authority to enforce data security.

Wyndham’s request for an immediate appeal of the ruling was granted – it argued that the issue of whether the FTC’s authority extends to regulation of data security is centrally important to businesses, particularly given the steady increase in cyberattacks.

In its appellate brief, Wyndham argued the FTC was overreaching its authority and failed to provide fair notice of what reasonable cybersecurity practices might be. The FTC responded that its Section 5 authority was purposely drafted in open-ended terms so that the FTC could accommodate evolving threats to consumers. It also argued its own prior complaints, consent orders, and publications gave Wyndham fair notice of its obligations to protect consumer data.

A decision from the Third Circuit would only be binding in Pennsylvania, New Jersey, and Delaware, but the case is being watched nation-wide as it promises to be the first appellate-level guidance on the FTC’s authority in the data security context. The varying interests in the case are reflected in the multiple amicus briefs filed with the court, including from the U.S. Chamber of Commerce, the Electronic Transactions Association, the Center for Digital Democracy, the Electronic Frontier Foundation, and the Electronic Privacy Information Center.

After the arguments, the Third Circuit requested supplemental briefing from both parties. Watch this blog for further developments in this case.

Print:
Email this postTweet this postLike this postShare this post on LinkedIn
Photo of David Munkittrick David Munkittrick

David Munkittrick is a litigator and trial attorney. His practice focuses on complex and large-scale antitrust, copyright and entertainment matters in all forms of dispute resolution and litigation, from complaint through appeal.

David has been involved in some of the most significant antitrust…

David Munkittrick is a litigator and trial attorney. His practice focuses on complex and large-scale antitrust, copyright and entertainment matters in all forms of dispute resolution and litigation, from complaint through appeal.

David has been involved in some of the most significant antitrust matters over the past few years, obtaining favorable results for Fortune 500 companies and other clients in bench and jury trials involving price discrimination and group boycott claims. His practice includes the full range of antitrust matters and disputes: from class actions to competitor suits and merger review. David advises antitrust clients in a range of industries, including entertainment, automotive, pharmaceutical, healthcare, agriculture, hospitality, financial services, and sports.

David also advises music, publishing, medical device, sports, and technology clients in navigating complex copyright issues and compliance. He has represented some of the most recognized names in entertainment, including Sony Music Entertainment, Lady Gaga, U2, Madonna, Daft Punk, RCA Records, BMG Music Publishing, Live Nation, the National Academy of Recording Arts and Sciences, Universal Music Group and Warner/Chappell.

David maintains an active pro bono practice, supporting clients in the arts and in immigration proceedings. He has been repeatedly recognized as Empire State Counsel by the New York State Bar Association for his pro bono service, and is a recipient of Proskauer’s Golden Gavel Award for excellence in pro bono work.

When not practicing law, David spends time practicing piano. He recently made his Carnegie Hall debut at Weill Recital Hall with a piano trio and accompanying a Schubert lieder.

David frequently speaks on antitrust and copyright issues, and has authored or co-authored numerous articles and treatise chapters, including:

  • Causation and Remoteness, the U.S. Perspective, in GCR Private Litigation Guide.
  • Data Breach Litigation Involving Consumer Class Actions, in Proskauer on Privacy: A Guide to Privacy and Data Security Law in the Information Age.
  • Location Privacy: Technology and the Law, in Proskauer on Privacy: A Guide to Privacy and Data Security Law in the Information Age.
  • FTC Enforcement of Privacy, in Proskauer on Privacy: A Guide to Privacy and Data Security Law in the Information Age.
  • The Role of Experts in Music Copyright Cases, Intellectual Property Magazine.
  • Nonprofit Education: A Historical Basis for Tax Exemption in the Arts, 21 NYSBA Ent., Arts, & Sports L.J. 67
  • A Founding Father of Modern Music Education: The Thought and Philosophy of Karl W. Gehrkens, Journal of Historical Research in Music Education
  • Jackson Family Wines, Inc. v. Diageo North America, Inc. Represented Diageo in trademark infringement litigation