LabMD and Wyndham Ask: Can the FTC Regulate Cybersecurity?
The FTC has been flexing its regulatory muscles in the realm of cybersecurity – and its targets are fighting back. Medical testing laboratory LabMD is contesting an FTC complaint filed against it in August, which alleges that the company failed to properly protect consumers’ personal data after information on more than 9,000 consumers was found on a file-sharing network. In the complaint, the FTC alleges that LabMD had lax data-security practices and proposes an order that would require the company to implement certain information-security improvements and send data-breach notifications to affected consumers.
The basis of LabMD’s dispute with the FTC mirrors that of Wyndham’s, as the hotelier continues a separate but similar legal battle with the FTC – both companies say that the agency has no authority to regulate cybersecurity. The regulatory ambiguity stems in part from the ongoing congressional stalemate on cybersecurity legislation, which has left U.S. companies without a clearly identified national data-security regulator.
Despite this uncertainty, the FTC continues to exercise its enforcement authority in the area of cybersecurity. Hotels can help ensure that they do not attract the FTC’s ire by properly training their employees to comply with robust data-security practices and policies, using Venza Group’s PCI training modules or other custom learning solutions.
The Venza Group has partnered with Arnall Golden Gregory (AGG) to create a series of interactive eLearning modules to address PCI compliance in the hotel industry. Management, employees and IT are taught about the requirements they must support as part of the Payment Card Industry Data Security Standards. The Venza Group also is partnering with AGG to create an interactive eLearning module to train hoteliers on general privacy and security awareness issues.