Skip to content

Menu

LexBlog, Inc. logo
CommunitySub-MenuPublishersChannelsProductsSub-MenuBlog ProBlog PlusBlog PremierMicrositeSyndication PortalsAboutContactResourcesSubscribeSupport
Join
Search
Close

When is Data Security “Unfair”?

By David Munkittrick on March 20, 2015
Email this postTweet this postLike this postShare this post on LinkedIn

Data security is big news. And so is the Federal Trade Commission (“FTC”). Put the two together in a crucible of litigation, and it is sure to be a blockbuster. That is what the closely-watched case FTC v. Wyndham, now pending before the Third Circuit Court of Appeals, is shaping up to be.

The case, in which oral arguments were heard earlier this month, has its beginnings in 2012 when the FTC filed a complaint against Wyndham hotel companies (“Wyndham”) alleging a failure to maintain reasonable data security. Section 5 of the Federal Trade Commission Act endows the FTC with authority to police “unfair or deceptive acts or practices in or affecting commerce.” Specifically, the FTC alleged that Wyndham’s data security failures resulted in three instances of unauthorized access to Wyndham’s computer network containing sensitive consumer information. The FTC has been active in the data security arena for a number of years now, but Wyndham was the first to challenge its authority.

Wyndham moved to dismiss the complaint arguing that, among other things, the FTC lacked authority to assert an unfairness claim in the data-security context. Wyndham argued the FTC’s enforcement action amounted to the electronic equivalent of punishing a brick-and-mortar store for being robbed. But, the District of New Jersey disagreed, finding nothing precluded the FTC’s Section 5 authority to enforce data security.

Wyndham’s request for an immediate appeal of the ruling was granted – it argued that the issue of whether the FTC’s authority extends to regulation of data security is centrally important to businesses, particularly given the steady increase in cyberattacks.

In its appellate brief, Wyndham argued the FTC was overreaching its authority and failed to provide fair notice of what reasonable cybersecurity practices might be. The FTC responded that its Section 5 authority was purposely drafted in open-ended terms so that the FTC could accommodate evolving threats to consumers. It also argued its own prior complaints, consent orders, and publications gave Wyndham fair notice of its obligations to protect consumer data.

A decision from the Third Circuit would only be binding in Pennsylvania, New Jersey, and Delaware, but the case is being watched nation-wide as it promises to be the first appellate-level guidance on the FTC’s authority in the data security context. The varying interests in the case are reflected in the multiple amicus briefs filed with the court, including from the U.S. Chamber of Commerce, the Electronic Transactions Association, the Center for Digital Democracy, the Electronic Frontier Foundation, and the Electronic Privacy Information Center.

After the arguments, the Third Circuit requested supplemental briefing from both parties. Watch this blog for further developments in this case.

Photo of David Munkittrick David Munkittrick

David Munkittrick is a litigator and trial attorney. His practice focuses on complex and large-scale antitrust, copyright and entertainment matters in all forms of dispute resolution and litigation, from complaint through appeal.

David has been involved in some of the most significant antitrust…

David Munkittrick is a litigator and trial attorney. His practice focuses on complex and large-scale antitrust, copyright and entertainment matters in all forms of dispute resolution and litigation, from complaint through appeal.

David has been involved in some of the most significant antitrust matters over the past few years, obtaining favorable results for Fortune 500 companies and other clients in bench and jury trials involving price discrimination and group boycott claims. His practice includes the full range of antitrust matters and disputes: from class actions to competitor suits and merger review. David advises antitrust clients in a range of industries, including entertainment, automotive, pharmaceutical, healthcare, agriculture, hospitality, financial services, and sports.

David also advises music, publishing, medical device, sports, and technology clients in navigating complex copyright issues and compliance. He has represented some of the most recognized names in entertainment, including Sony Music Entertainment, Lady Gaga, U2, Madonna, Daft Punk, RCA Records, BMG Music Publishing, Live Nation, the National Academy of Recording Arts and Sciences, Universal Music Group and Warner/Chappell.

David maintains an active pro bono practice, supporting clients in the arts and in immigration proceedings. He has been repeatedly recognized as Empire State Counsel by the New York State Bar Association for his pro bono service, and is a recipient of Proskauer’s Golden Gavel Award for excellence in pro bono work.

When not practicing law, David spends time practicing piano. He recently made his Carnegie Hall debut at Weill Recital Hall with a piano trio and accompanying a Schubert lieder.

David frequently speaks on antitrust and copyright issues, and has authored or co-authored numerous articles and treatise chapters, including:

  • Causation and Remoteness, the U.S. Perspective, in GCR Private Litigation Guide.
  • Data Breach Litigation Involving Consumer Class Actions, in Proskauer on Privacy: A Guide to Privacy and Data Security Law in the Information Age.
  • Location Privacy: Technology and the Law, in Proskauer on Privacy: A Guide to Privacy and Data Security Law in the Information Age.
  • FTC Enforcement of Privacy, in Proskauer on Privacy: A Guide to Privacy and Data Security Law in the Information Age.
  • The Role of Experts in Music Copyright Cases, Intellectual Property Magazine.
  • Nonprofit Education: A Historical Basis for Tax Exemption in the Arts, 21 NYSBA Ent., Arts, & Sports L.J. 67
  • A Founding Father of Modern Music Education: The Thought and Philosophy of Karl W. Gehrkens, Journal of Historical Research in Music Education
  • Jackson Family Wines, Inc. v. Diageo North America, Inc. Represented Diageo in trademark infringement litigation
Read more about David MunkittrickEmail
Show more Show less
  • Posted in:
    Privacy & Data Security
  • Blog:
    Privacy Law Blog
  • Organization:
  • Article: View Original Source

LexBlog, Inc. logo
Facebook LinkedIn Twitter RSS
Real Lawyers
99 Park Row
  • About LexBlog
  • Careers
  • Press
  • Contact LexBlog
  • Privacy Policy
  • Editorial Policy
  • Disclaimer
  • Terms of Service
  • RSS Terms of Service
  • Products
  • Blog Pro
  • Blog Plus
  • Blog Premier
  • Microsite
  • Syndication Portals
  • LexBlog Community
  • 1-800-913-0988
  • Submit a Request
  • Support Center
  • System Status
  • Resource Center

New to the Network

  • Law of The Ledger
  • Antitrust Law Blog
  • Your ERISA Watch
  • Ciric Law Firm Blog
  • Sacramento Property & Poverty
Copyright © 2022, LexBlog, Inc. All Rights Reserved.
Law blog design & platform by LexBlog LexBlog Logo