Wyndham Pulls Congress into its Fight with the FTC over Data Breach Liability

According to Wyndham Worldwide Corp., the hotelier and Congress see things eye-to-eye when it comes to the FTC’s lawsuit against the Wyndham for past data breaches.  On February 6th,Wyndham wrote a letter to a U.S. District Court, citing recently proposed legislation on the Hill to bolster its argument that the agency has no authority to regulate cybersecurity.

Wyndham first cites Sen. John Rockefeller’s (D-WV) Data Security and Breach Notification Act of 2014, which would require the FTC to issue rules to “identify each security technology and methodology that would render sensitive personally identifiable data unusable, unreadable, or indecipherable.”  Wyndham then cites Sen. Richard Blumenthal’s (D-CT) Personal Data Protection and Breach Accountability Act of 2014, which requires the FTC to “consult with the relevant industries, consumer organizations, and data security and identity theft prevention experts and established standards setting bodies” when issuing rules affecting the FTC’s enforcement authority over such organizations.  Wyndham wrote that it “believes that these provisions from the attached bills will assist the Court in rendering a decision on the pending motions to dismiss.”

The FTC, meanwhile, continues to exercise what it believes to be its enforcement authority in the area of cybersecurity.

Hotels can help ensure that they do not attract the FTC’s ire by properly training their employees to comply with robust data-security practices and policies by utilizing Venza’s PCI training modules or other custom learning solutions.
The Venza Group has partnered with the law firm Arnall Golden Gregory (AGG) to create a series of interactive eLearning modules to address PCI compliance in the hotel industry. Management, employees and IT are taught about the requirements they must support as part of the Payment Card Industry Data Security Standards.  The Venza Group also has partnered with AGG to create an interactive eLearning module to train hoteliers on general privacy and security awareness issues and on sexual harassment prevention.