Update on: Federal Trade Commission v. Wyndham Worldwide Corporation et al, U.S. District Court for the District of New Jersey, case no. 13-cv-1887
On December 9, 2015, Wyndham agreed to settle FTC charges that the company “failed to provide reasonable and appropriate security for the personal information [it] collected” (here).
According to the settlement agreement, Wyndham undertook to do the following.
- Establish a comprehensive information security program to protect cardholder data.
- Conduct annual security audits and maintain safeguards in connections to its franchisees’ servers.
- Obtain assessment of possible breaches that affect more than 10,000 payment card numbers and provide that assessment to the FTC within 10 days.
Wyndham’s obligations under the settlement shall be in place for 20 years.
For more information, Francesca Giannoni-Crystal