Wyndham Moves for Quick Appeal in FTC Data Security Case

On April 17th, Wyndham Worldwide Corp. filed a motion in a New Jersey federal court arguing that the court’s April 7th rejection of the hotelier’s motion to dismiss in the data security case against it by the FTC warranted immediate appellate review.

The court’s order denying Wyndham’s motion to dismiss is not appealable ‘‘as of right,’’ because it is not a final judgment.   In its motion, the hotelier argued that by rejecting its motion to dismiss and allowing the case against it to continue, the New Jersey court held that the FTC has the authority to regulate corporate data security practices under the FTC Act and that the FTC does not have a duty to publish regulations detailing what is looking for beforehand.  In its motion for appeal, Wyndham argued that, “[i]n light of the clear significance of the statutory authority and fair notice questions . . . immediate appellate review is warranted.”

It is unclear whether the Third Circuit will review the New Jersey court’s holding and weigh in on the FTC’s authority to regulate corporate data security practices.  Even if the Third Circuit does review the holding and provide input on the limits of the FTC’s authority, it will take a long time.  In the meantime, the court’s April 7th holding, which endorses the FTC’s authority in this area, highlights the need for hotels to proactively protect themselves from data breaches and help mitigate the regulatory scrutiny following such breaches by maintaining robust information security practices.  Hotels can help protect themselves from the risk of data breach by properly training their employees to comply with robust data-security practices and policies by utilizing Venza’s PCI training modules or other custom learning solutions.


The Venza Group has partnered with the law firm Arnall Golden Gregory (AGG) to create a series of interactive eLearning modules to address PCI compliance in the hotel industry. Management, employees and IT are taught about the requirements they must support as part of the Payment Card Industry Data Security Standards.  The Venza Group also has partnered with AGG to create an interactive eLearning module to train hoteliers on general privacy and security awareness issues and on sexual harassment prevention.