Yesterday the FTC announced it has settled its claims against Wyndham for inadequate data security, with Wyndham signing on to essentially the same consent order used by the FTC in most of its more than 50 concluded data security enforcement matters. The settlement marks the end of a three-year legal battle in which Wyndham attempted, unsuccessfully, to restrict the FTC’s authority to pursue companies for inadequate data security as an ”unfair” business practice under Section 5 of the FTC Act.

Wyndham’s settlement followed the Third Circuit Court of Appeals’ ruling earlier this year on an interlocutory appeal.  The Third Circuit’s opinion gave the FTC a green light to continue its pursuit of Wyndham for allegedly inadequate data security as an “unfair” business practice.

Wyndham was one of just two companies that have aggressively pushed back against the FTC’s data security enforcement authority. Now that Wyndham has left the building, only LabMD remains.

For a briefing paper analyzing the FTC’s data security positions in over 50 administrative enforcement actions under FTC Act Section 5, the Gramm-Leach-Bliley Act, FACTA, and COPPA, click here.