September 24, 2021

Volume XI, Number 267

Advertisement

September 23, 2021

Subscribe to Latest Legal News and Analysis

September 22, 2021

Subscribe to Latest Legal News and Analysis

September 21, 2021

Subscribe to Latest Legal News and Analysis

Third Circuit Court of Appeals to Consider FTC Data Security Authority

The U.S. Court of Appeals for the Third Circuit this week agreed to consider whether the Federal Trade Commission has the authority to regulate companies’ data security practices.

On Tuesday, the Third Circuit granted Wyndham Hotel and Resorts’ petition for interlocutory review of Judge Esther Salas’s denial of a motion to dismiss a FTC lawsuit that alleges that Wyndham violated the FTC Act’s prohibition against “unfair practices” by failing to reasonably secure its customers’ personal information. Although Salas’s opinion is not binding, it received  considerable attention because it was the first court opinion to decide whether the “unfairness” prong of the Section 5 of the FTC Act provides the Commission with the authority to bring actions involving data security. 

Denials of motions to dismiss are not immediately appealable, absent permission from both the district court and appeals court.  Salas certified the case for appeal in June, reasoning that there is substantial ground for differences of opinion on: (1) whether the FTC can bring a Section 5 unfairness claim involving data security; and (2) whether the FTC must formally promulgate regulations before bringing its unfairness claim.

In a brief to the Third Circuit last month, the FTC stated that although the case does not meet all of the requirements for interlocutory review, the legal issues are important and would benefit from review by an appellate court.  A Third Circuit order affirming Judge Salas’s opinion “would advance the public interest by removing the uncertainty that Wyndham is attempting to generate regarding the Commission’s statutory authority to protect consumers from unreasonable and harmful data security lapses,” the FTC wrote.

In an amicus brief supporting Wyndham’s petition for review, the U.S. Chamber of Commerce wrote that “companies currently struggle to decipher coherent standards from the FTC’s dozens of consent orders and previous pronouncements on data security, and to accommodate those dictates with other security regulations and risk management protocols.”

Assuming that the Third Circuit publishes its opinion in this case, the ruling would be binding in Delaware, New Jersey, and Pennsylvania.

© 2021 Covington & Burling LLPNational Law Review, Volume IV, Number 213
Advertisement
Advertisement
Advertisement
Advertisement
Advertisement
Advertisement

About this Author

Repeatedly ranked as having one of the best privacy practices in the world, Covington combines exceptional substantive expertise with an unrivaled understanding of the IT industry, and of e-commerce and digital media business models in particular.  Our practice provides exceptional coverage of all of the substantive areas of privacy, including IT/technology, data security, financial privacy, health privacy, employment privacy, litigation and transactions.  One of our core strengths is the ability to advise clients on relevant privacy and data security rules worldwide,...

202.662.5519
Advertisement
Advertisement
Advertisement