FTC Data Breach Lawsuit Against Wyndham Hotels Enters Expensive Discovery Phase
The FTC’s lawsuit against Wyndham is moving forward. On November 7th, a U.S. District Court in New Jersey refused to grant the company’s request for a stay in the case while the court considers the company’s motion to dismiss on grounds that the FTC lacks authority to regulate data security. In holding that the case should proceed, the judge stated, “there is a need to move this case forward.” As a result, Wyndham will now have to conduct burdensome and expensive discovery.
You may recall that in July 2012, the FTC sued Wyndham after hackers stole data on more than 619,000 of the hotel’s consumer payment card numbers, alleging that Wyndham failed to take adequate steps to protect its guests’ credit card information from data breaches. An adverse ruling in this case could cost Wyndham millions of dollars in damages.
As is evidenced by this case and many others, the FTC has taken a very aggressive approach with companies (including those in the hotel industry) who, in the FTC’s opinion, fail to adequately safeguard their customer’s private data. Hoteliers need to adjust to this new reality by proactively training their employees on best practices for protecting their guests’ credit card and personal financial information, which includes training in PCI compliance.
To ensure that they are taking a proactive approach in this environment of increased regulatory scrutiny and litigation by the FTC, hotels are well advised to use PCI training modules or other custom learning solutions to protect themselves and their guests’ private data.
The Venza Group has partnered with Arnall Golden Gregory (AGG) to create a series of interactive eLearning modules to address PCI compliance in the hotel industry. Management, employees and IT are taught about the requirements they must support as part of the Payment Card Industry Data Security Standards. The Venza Group also is partnering with AGG to create an interactive eLearning module to train hoteliers on general privacy and security awareness issues.