Back in June, the US Federal Trade Commission (FTC) filed a lawsuit against Wyndham Worldwide Corporation and Wyndham Hotel Group, accusing the company of failing to protect the personal details of its customers. Now, Wyndham has filed a motion to dismiss the complaint.
According to the court document
, Wyndham highlights the fact that hackers breach companies all the time. They also underscore the fact that the US government is currently developing cybersecurity laws to address these issues.
However, the organization states that the FTC hasn’t allowed the “political process to settle the debate over the costs and benefits of cybersecurity policy” and filed a complaint under a section of the FTC Act which forbids unfair or deceptive trade practices.
“The FTC has not published any rules or regulations that might provide the business community with ex ante notice of what data-security protections a company must employ to be in compliance with the law,” the motion reads.
“Instead, the FTC is enforcing its vision of data-security policy through this selective, ex post enforcement action, which seeks to hold WHR liable without any fair notice as to what the law required,” it adds.
Furthermore, Wyndham claims that the FTC has failed to precisely pinpoint what the organization “did wrong” and tell other organizations what to do differently in order to avoid similar lawsuits.
The document notes that “the FTC’s approach would subject businesses to vague, unpublished, and uncertain requirements that would drastically alter the competitive landscape.”
As such, the company requests that the court dismisses the FTC’s complaint.
On the other hand, experts believe that even without proper regulations in place, companies should be held responsible if they fail to protect their customers.
Chester Wisniewski, senior security adviser at Sophos, has told
SC Magazine that it’s clear that the company’s negligence is to blame for the incidents.