Companies with Poor Information Security Can Be Sued
The FTC now has the ability to pursue businesses that do not provide information and data protection for customers and that means businesses need to take action.
Poor information security can leave your company facing significant liability risks and costly lawsuits. A federal appeals court recently found that the Federal Trade Commission has the ability to go after businesses that have poor security practices in place in IT areas. In this particular case, the FTC fined Wyndham Worldwide Corporation for the three data breaches it had from 2008 and 2009, which lead to more than 619,000 customers data being put at risk and causing $10.6 million of fraud. The FTC filed a lawsuit against the company for failing to provide its customers with the necessary protections against hackers.
How Can the FTC Take Action?
As a business owner, this ruling should provide some indication of the level of risk you face in protecting your customers’ private information and credit card information. The FTC is using a component of a law from 1914 that provides the agency with the ability to prohibit any type of unfair or deceptive acts or practices that impact commerce. The ruling gives the FTC the ability to further go after cybersecurity threats, which seem to continue happening at many large businesses.
The FTC’s lawsuit against Wyndham will go forward and the agency stated that it believed the hotel chain unnecessarily and unreasonably exposed personal data from its customers’ in such a way as to allow unauthorized access and the risk of theft to occur. It is important to note that the U.S. government has not provided specific descriptions of what level of security is reasonable for businesses to carry in such cases, it is clear this is coming in some form. Additionally, the Obama Administration has supported transparency in data collection activities and empowering the FTC to ensure it occurs.
As a business owner, it is a part of your transaction with the customer not just to provide the promised services, but also to keep your customers’ private data and credit card information safe and secure from the risk of cyber theft. Poor information security could cost you millions of dollars otherwise in liability and fraud risks. Taking ample steps to protect this type of personal data is increasingly essential to business owners.