The corporation had asked for the case to be dismissed arguing the FTC did not have jurisdiction to sue over lax security leading to a data breach.
"I'm pleased that the court has recognized the FTC's authority to hold companies accountable for safeguarding consumer data."It seems the FTC is taking more of an interest in ensuring consumers' data is protected. In September 2013 we noted an FTC case against a medical laboratory for "not using readily available measures to prevent and detect unauthorized access to personal information."
- FTC Chairwoman Edith Ramirez
Given the FTC's ability to sue regarding protecting consumer data, organizations need to review their preventive and detective controls. A detective control for unauthorized access to customer data, even by authorized users, is low-cost on-demand SaaS analytics services.
Download a white paper on privacy breach detection. Learn how to proactively identify unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.Sources:
(a) U.S. FTC can sue hotel group over poor data security, court rules - www.Yahoo.com, 04/07/2014