As if you didn’t have enough keeping you up at night, the topic of data security continues to send collective shivers up the spines of business owners worldwide. Unfortunately, the Aug. 24, ruling by the United States Court of Appeals for the Third Circuit didn’t make matters any better (or less expensive) for businesses guilty of failing to protect their customers’ data. In fact, companies that utilize poor security practices that ultimately lead to a breach of consumer data are at risk of facing further disciplinary action and penalties.
What does the FTC’s Courtroom Win Mean To Business Owners?
If you haven’t taken data security seriously in the past, it’s time to get real serious about it real quick.
Prior to the ruling, companies at the center of a data breach had to battle with lawsuits while working to rebuild their reputations. Now, in addition to litigation and negative headlines, your organization must also risk being fined by the Federal Trade Commission (FTC). Businesses can no longer operate with a subpar data security infrastructure. Those that do are at risk of losing everything.
The court upheld the FTC’s 2012 lawsuit against Wyndham Worldwide, a company known for operating hotels and time-shares. Records show that the FTC filed complaints against Wyndham for three data breaches occurring in 2008 and 2009, which resulted in more than $10.6 million in fraudulent charges. In its decision, the appeals court reaffirmed previous rulings that found Wyndham to be responsible for implementing better security practices, which would have helped prevent such breaches from occurring in the first place.
According to the FTC’s argument, software used at Wyndham-owned hotels stored credit card information as readable text, hotel computers lacked a system for monitoring malware, there was no requirement for user identification and or to make password difficult for hackers to guess, the company failed to use firewalls and, ultimately, failed to employ reasonable measures to detect and prevent unauthorized access to the computer network or to conduct security investigations.
“Today’s Third Circuit Court of Appeals decision reaffirms the FTC’s authority to hold companies accountable for failing to safeguard consumer data,” said FTC Chairwoman Edith Ramirez. “It is not only appropriate, but critical, that the FTC has the ability to take action on behalf of consumers when companies fail to take reasonable steps to secure sensitive consumer information.”
Next Steps For Businesses
With regard to the case between the FTC and Wyndham, the next chapter of the story is uncertain. While the win in the courtroom has helped put some wind in the FTC’s sails, the commission has yet to levy any penalties or assertions against the defendant. What is clear, however, is that a data security breach is a very real threat – one that is felt by nearly every business in the world. Furthermore, as technology continues to advance and hackers adapt, the security procedures businesses deploy must be top-notch to avoid further complications and costs associated with a sloppy security infrastructure.
Will you be ready when disaster strikes? Email Rea & Associates today to learn what you can do to protect your business from unforeseen threats.
By Brian Garland, CPA (Dublin office)