Overseas operatives hacked into consumer information stored with the Wyndham brand of hotels.  Yeah, it happens.  At that time, Wyndham published a privacy and data security policy that was typical, stating that personal information would be stored, and although ‘no protocol is 100% secure,’ that Wyndham would use “industry standard practices” to safeguard consumers’ private information and payment cards.

After the hack, and after the matter was not resolved by settlement, the FTC sued Wyndham for “deceptive practices,” generally claiming that the promise of data security was not an accurate representation, and one that consumers were deceived to think was a promise.

Now, the hotels have asked the federal court to dismiss the suit.  They argue that the FTC is acting beyond its authority, and that it has no authority to dictate data security or privacy policy standards.  It will be interesting to see what the Judge considers signficant, and whether the suit proceeds past this motion to dismiss.

FTC v. Wyndham, 2:13-CV-1887 (D.N.J.)