Wyndham Data-breach Case Should Be Kept in Context, Hutchins Writes

Share Article

Amid obstacles such as the lack of universally applicable rules on data breaches, the federal case against Wyndham hotels is far from over, LeClairRyan attorney John P. Hutchins writes in commentary.

John P. Hutchins

The formulation of a general standard for data security—and an understanding of whether your organization is either within or outside of the boundary lines—is no more certain now than it ever has been

As some pundits see it, corporations should “lawyer up” in the wake of a federal appeals court ruling in the data breach case (FTC v. Wyndham) against hotel chain Wyndham Worldwide Corp. But such one-dimensional interpretations don’t give companies a clear picture of where the law really is on data security in the U.S., according to John P. Hutchins, a LeClairRyan shareholder and leader of the national law firm’s Privacy & Data Security practice team.

“The FTC still must establish—under a high burden of proof—what data security controls it believes Wyndham necessarily should have employed, but failed to,” Hutchins writes in a new blog post at LeClairRyan’s InformationCounts.com, which covers the rapidly evolving information economy. “We expect that Wyndham will likely offer significant expert testimony that its data security controls, while perhaps not perfect, were consistent with the types of controls employed by many other businesses, including others in its industry.”

In the blog post, “Just Like Neiman Case, FTC v. Wyndham Decision Not All It’s Cracked Up to Be,” Hutchins drills into the history of the Wyndham case and offers an in-depth look at the legal implications of the Aug. 24 ruling by the Third Circuit Court of Appeals (Case No. 14-3514). In that ruling, the appeals court did give the FTC a green light to go after corporations that fall victim to data breaches. However, Hutchins writes, “the formulation of a general standard for data security—and an understanding of whether your organization is either within or outside of the boundary lines—is no more certain now than it ever has been.”

“Given the almost de facto inevitability of data breaches—established by the more than 4,600 data breaches made public since 2005, impacting every size organization in every industry imaginable—the FTC has a very tough burden to meet in this case,” he adds. “And unless the FTC engages in some future rule-making regarding a standard of data security that all companies should follow (which is unlikely), it will be forced to establish the same proof in all future cases, on a case-by-case basis.”

LeClairRyan offers a full array of legal services related to the information economy. These include cyber security risk assessment and incident response; regulatory and compliance counseling; policy/best practices program development; procurement, outsourcing, e-commerce, and information management.

About LeClairRyan
As a trusted advisor, LeClairRyan provides business counsel and client representation in corporate law and litigation. In this role, the firm applies its knowledge, insight and skill to help clients achieve their business objectives while managing and minimizing their legal risks, difficulties and expenses. With offices in California, Colorado, Connecticut, Delaware, Georgia, Maryland, Massachusetts, Michigan, Nevada, New Jersey, New York, Pennsylvania, Texas, Virginia and Washington, D.C., the firm has approximately 380 attorneys representing a wide variety of clients throughout the nation. For more information about LeClairRyan, visit http://www.leclairryan.com.

Press Contacts: At Parness & Associates Public Relations, Bill Parness, (732) 290-0121, bparness(at)parnesspr(dot)com or Marty Gitlin (631) 765-8519, durangitlin(at)optonline(dot)net

Share article on social media or email:

View article via:

Pdf Print

Contact Author

Bill Parness
Parness & Associates
+1 (732) 290-0121
Email >
Visit website