In 2012, the FTC accused Wyndham Hotels of failing to use reasonable efforts to protect consumer information after hackers broke into Wyndham's corporate computer systems and stole credit card numbers.
A recent decision of the Connecticut Supreme Court signals a growing trend in Health Insurance Portability and Accountability Act (HIPAA) jurisprudence that could prove significant in the broader data-security context.
By now, businesses with an interest in data security are aware of FTC v. Wyndham Worldwide Corp., in which a US District Court of New Jersey held that the Federal Trade Commission (FTC) can bring enforcement actions for perceived data-security violations without first issuing guidance or standards.
The automatic renewal of subscription services has become quite commonplace: typically, companies renew subscribed services and charge credit card numbers maintained on file until the customer cancels the service or either the credit card or the service expires.
Plaintiffs traditionally face an uphill battle in class actions alleging misuse of personally identifiable information (PII) gathered from Internet cookie tracking (i.e., data transferred between users’ web browsers and companies’ web sites).
After a year of public-private collaboration and considerable anticipation, the National Institute for Standards and Technology’s (NIST) cybersecurity framework for critical infrastructure has arrived.