LJN’s Franchising Business & Law Alert quoted partner Alysa Z. Hutnik in the article, “Wyndham Hotels Charged for Franchisees’ Data Breaches.” In June, the Federal Trade Commission (FTC) filed a lawsuit against Wyndham Worldwide Corporation and three of its subsidiaries, alleging that they engaged in unfair and deceptive practices and violated Section 5 of the FTC Act by failing to implement adequate data security protections on computer systems located at 90 Wyndham-brand franchised hotels.
“The FTC’s complaint is significant for two reasons,” said Ms. Hutnik. “One, it represents the first time that the FTC will litigate its theory as to whether an entity’s privacy and data security practices were deceptive and unfair under Section 5 of the FTC Act. Past FTC cases have resulted in pre-litigation settlements or informal closings of investigations. Two, the lawsuit reflects the FTC’s position on what facts might cause a corporate brand to be held legally responsible under the FTC Act for the privacy and information security practices of a franchisee and affiliated third parties.”
The FTC pointed to numerous alleged data security flaws that, cumulatively, led to security breaches. “No privacy plan is perfect,” said Ms. Hutnik. “The FTC is looking at whether you are, on the whole, acting responsibly and remedying vulnerabilities when they become known.”