After the United States Court of Appeals for the Third Circuit recently affirmed the denial of Wyndham Hotel's motion to dismiss claims that it allegedly violated Section 5 of the FTC Act (as reported in Issue No. 197 of The GPMemorandum), a federal court in New Jersey entered a stipulated order for an injunction resolving the case. FTC v. Wyndham Worldwide Corp., No. 2:13-cv-01887 (D.N.J. Dec. 11, 2015). The complaint filed by the FTC alleged that Wyndham engaged in unfair practices by failing to maintain reasonable and appropriate data security for consumers' sensitive personal information. Under the stipulated order, Wyndham agreed—at least as to its company-owned hotels—to establish and maintain a comprehensive information security program to protect the security and confidentiality of consumer credit and debit card data for twenty years. This program must include the designation of employees to coordinate and be accountable for the program, the identification of potential internal and external risks to cardholder data and the development of safeguards to manage those risks, the development of a process to identify vendors and service providers who can adequately protect customer data, and the evaluation and adjustment of corporate-owned hotels' information security programs where appropriate.
Further, Wyndham must obtain an annual assessment of its corporate-owned hotels' compliance with these requirements. If there is a data breach involving more than 10,000 card numbers, further assessment of the hotels at issue will be required. Wyndham must also submit compliance reports to the FTC one year after the entry of the order and within two weeks of any change to its corporate structure or relevant points of contact, and must engage in ongoing compliance monitoring by the agency. Under this provision, the FTC may seek further discovery without leave of the court.
It is important to note, however, that the stipulated order specifically does not apply to Wyndham's "branded" (i.e., franchised) hotels.
PartnerMaisa Frank represents clients in a variety of litigation matters. Whether conducting pre-dispute investigations, navigating litigation, or negotiating resolutions, Maisa’s advice and strategy is vital to clients facing ...
The information contained in this post is provided to alert you to legal developments and should not be considered legal advice. It is not intended to and does not create an attorney-client relationship. Specific questions about how this information affects your particular situation should be addressed to one of the individuals listed. No representations or warranties are made with respect to this information, including, without limitation, as to its completeness, timeliness, or accuracy, and Lathrop GPM shall not be liable for any decision made in connection with the information. The choice of a lawyer is an important decision and should not be based solely on advertisements.
About this Publication
The Franchise Memorandum is a collection of postings on summaries of recent legal developments of interest to franchisors brought to you by Lathrop GPM LLP.
To subscribe to monthly emails for The Franchise Memorandum, please click here.
RSS Feed