Ashkan Soltani has uploaded an important ruling in FTC v. Wyndham, a case discussed many times on this blog.
The short version of the ruling is that Wyndham went 0 for 3 on its challenges to the FTC’s authority to enforce data security under the FTC Act, to enforce data security in the absence of regulations that would provide fair notice, and the FTC’s pleading of the significant consumer injury or risk of concrete harm.
If you’re a fan of the FTC and want to see more enforcement for data security, today was a great day.
That said, Judge Esther Salas cautions:
To be sure, the Court does not render a decision on liability today. Instead, it resolves a motion to dismiss a complaint. A liability determination is for another day. And this decision does not give the FTC a blank check to sustain a lawsuit against every business that has been hacked. Instead, the Court denies a motion to dismiss given the allegations in this complaint— which must be taken as true at this stage—in view of binding and persuasive precedent.
Caption corrected.