Holding Back On Cyber-security is Subject to FTC Regulation

protect cyber security

Corporations’ cyber-security is now subject to FTC regulation. This ruling has been made by a US appeals court. According to the ruling, The Federal Trade Commission is within acceptable limits to direct corporations on the necessary steps they should observe in order to protect consumers’ data. Any corporation that does not comply is guilty and FTC can impose criminal charges against such a corporation.

Table of Content

1 . The Regulation Decision Stands Unopposed

2. Vague Standards

The major case is associated with Wyndham Worldwide Corp. This corporation owns the following most important budget hotel franchises: Travelodge, Super 8, Ramada, Howard Johnson, and Days Inn. According to reports, six hundred and nineteen thousand consumers’ credit card particulars were leaked to hackers, due to three security breaches in the years 2008 and 2009.


The Regulation Decision Stands Unopposed


The ruling made by US appeals court (allowing FTC to regulate corporations’ cyber-security measures) has been upheld by the Third US Circuit Court of Appeals in Philadelphia.  Since 2005, FTC has presented such actions in contradiction of companies without any success. As far as facing companies with inadequate cyber-security is concerned, the ruling made by US appeals court is the most high-profile win for the Federal Trade Commission.

The agency’s victory was achieved under the 1914 consumer protection law. According to the court, cyber-security insufficiency can be considered unfair if such practices causes damage or are to be expected to cause damage to the consumers, and the consumers are not in the position to protect themselves from such eventualities. Based on the ruling, the court ruled Wyndham Worldwide Corp privacy policy insufficient, and it makes consumers vulnerable to extensive financial damage.

In its defense, Wyndham Worldwide Corp claimed that it had no fair-minded notice of FTC expectations. However, the court refused the claims. Instead the court stated that in 2007 a guidebook for business was published by the FTC. The guidebook provides information on how to safeguard consumers’ personal details, including checklist of practices.


Vague Standards


According to appeals court decision,the Federal Trade Commission has the ability to regulate cyber-security measures taken by corporations. Meaning that corporations, under any circumstances, must certify their privacy policies are up-to-the-minute. Companies must remain updated with industry standard practices, if they opt to protect consumers’ personal details by using such standards.

Contrariwise, the same standards appear to be out-of-focus, because the Federal Trade Commission is now supposed to establish what cyber-security measures are fair. The most ill-fated aspect of cyber-security standards is that they keep on changing from one day to the next. For instance, a set of standards can be sufficient today, but deemed insufficient the following day. There are various uncertaintiessurrounding the Federal Trade Commission’s recent power. The uncertainties are: who will be responsible of coming up with cyber-security standards, and if small businesses are subjected to the same security standards as big companies.

Apparently, most of the corporations do provide information about security and privacy on their websites. These companies do not take responsibility for mistakes made by consumers. Therefore, it is up to the consumer to ensure he or she is informed of the corporation’s security measures, and if such measures are sufficient enough to guarantee his or her personal details security. In order to guarantee your own information securiny you can always try using VPN protected and anonymous connection.