In another recent decision a federal court in New Jersey denied the motion of Wyndham Worldwide Corporation, Wyndham Hotel Group, LLC, and Wyndham Hotel Management, Inc. (collectively, the “Wyndham Entities”) to dismiss the complaint brought by the FTC for unfair or deceptive acts or practices based on breaches of the property management computer system used by the Wyndham franchisor and its franchisees. FTC v. Wyndham Worldwide Corp., 2014 U.S. Dist. LEXIS 84913 (D.N.J. June 23, 2014). The FTC alleged that franchisor Wyndham Hotels and Resorts, along with its affiliates, engaged in (1) deceptive practices by misrepresenting that it used “industry standard practices” and “commercially reasonable efforts” to secure the data it collected from guests, and (2) unfair practices by failing to protect customer data based on data security breaches that occurred between 2008 and 2010. Wyndham Hotels and Resorts filed a separate motion to dismiss, which the court denied on April 7, 2014, although it gave Wyndham Hotels and Resorts leave to file an interlocutory appeal of the decision. (We reported on this decision in Issue 180 of The GPMemorandum.) The Wyndham Entities also filed a motion to dismiss the FTC’s complaint arguing that, among other things, they cannot be held liable for Wyndham Hotels and Resorts’ violations under a common-enterprise theory.
After considering the variety of factors alleged by the FTC, the court found that the FTC pleaded sufficient facts to reasonably infer a common-enterprise claim based on the lack of distinction between the defendants. Specifically, the FTC asserted that the defendants conducted business practices “through an interrelated network of companies that have common ownership, business functions, employees and office locations.” The FTC additionally alleged that during certain time periods, Wyndham Worldwide and Wyndham Hotel Group had responsibility for Wyndham Hotels and Resorts’ information security program. In response, the Wyndham Entities argued that they are engaged in legitimate and separate business endeavors, and that common-enterprise liability is appropriate only when separate corporations “are so interrelated that no real distinction exists between them.” Noting that the Wyndham Entities’ arguments only attacked the merits of the FTC’s claim rather than the sufficiency of its pleadings, the court denied their motion to dismiss.