Third Circuit Court of Appeals to Consider FTC Data Security Authority
Friday, August 1, 2014
Jeff Kosseff, Privacy Attorney, Covington Law Firm
Print Mail Download i

The U.S. Court of Appeals for the Third Circuit this week agreed to consider whether the Federal Trade Commission has the authority to regulate companies’ data security practices.

On Tuesday, the Third Circuit granted Wyndham Hotel and Resorts’ petition for interlocutory review of Judge Esther Salas’s denial of a motion to dismiss a FTC lawsuit that alleges that Wyndham violated the FTC Act’s prohibition against “unfair practices” by failing to reasonably secure its customers’ personal information. Although Salas’s opinion is not binding, it received  considerable attention because it was the first court opinion to decide whether the “unfairness” prong of the Section 5 of the FTC Act provides the Commission with the authority to bring actions involving data security. 

Denials of motions to dismiss are not immediately appealable, absent permission from both the district court and appeals court.  Salas certified the case for appeal in June, reasoning that there is substantial ground for differences of opinion on: (1) whether the FTC can bring a Section 5 unfairness claim involving data security; and (2) whether the FTC must formally promulgate regulations before bringing its unfairness claim.

In a brief to the Third Circuit last month, the FTC stated that although the case does not meet all of the requirements for interlocutory review, the legal issues are important and would benefit from review by an appellate court.  A Third Circuit order affirming Judge Salas’s opinion “would advance the public interest by removing the uncertainty that Wyndham is attempting to generate regarding the Commission’s statutory authority to protect consumers from unreasonable and harmful data security lapses,” the FTC wrote.

In an amicus brief supporting Wyndham’s petition for review, the U.S. Chamber of Commerce wrote that “companies currently struggle to decipher coherent standards from the FTC’s dozens of consent orders and previous pronouncements on data security, and to accommodate those dictates with other security regulations and risk management protocols.”

Assuming that the Third Circuit publishes its opinion in this case, the ruling would be binding in Delaware, New Jersey, and Pennsylvania.

© 2024 Covington & Burling LLP

Current Legal Analysis

More from Covington & Burling LLP

Standing Issues in Data Breach Litigation: An Overview
by: Priscilla Fasoro , Lauren Wiseman
Financial Agencies Release Joint Statement on Innovative Efforts to Combat Money Laundering and Terrorist Financing
by: Lucille C. Bartholomew
Senate Confirms Kraninger as BCFP Director
by: Luis Urbina
FTC Solicits Public Comment on Identity Theft Detection Rules
by: S. Burr Eckstut
Significant FDA Digital Health Policy Development for Prescription Drug Sponsors
by: Mingham Ji , Christina G. Kuhn
First Significant Pay-to-Play Legislation for the District of Columbia Approved by D.C. Council
by: Kevin Glandon
FTC Settles with PR Firm and Publisher Over Social Media Endorsements
by: Inside Privacy Blog at Covington and Burling
Senate Testimony Highlights Tensions in BSA/AML Reform Efforts as Lawmakers Consider Bipartisan Legislation
by: Sam Adriance
Reprieve in U.S.-China Trade Tensions: U.S. Tariffs on $200 Billion in Chinese Imports to Stay at 10 Percent for 90 Days; China to Purchase U.S. Goods
by: Christopher Adams , John Veroneau
AI Update: FCC Hosts Inaugural Forum on Artificial Intelligence
by: Thomas Parisi

Upcoming Legal Education Events

 

NLR Logo

We collaborate with the world's leading lawyers to deliver news tailored for you. Sign Up to receive our free e-Newsbulletins

 

Sign Up for e-NewsBulletins