By Kate Tummarello - 08/18/14 10:57 AM EDT
The Wall Street Journal editorial board is criticizing the Federal Trade Commission (FTC) for “stretching the law” to go after companies that have been hacked.
In an editorial Sunday, the Journal sided with Wyndham Hotels in its case against the commission over charges that the hotel company failed to protect consumer data.
In 2012, the FTC brought a lawsuit against Wyndham for failing to protect consumers’ data — including credit card information — when the company suffered a data breach.
The company challenged the agency, accusing it of overreaching its congressionally granted authority.
The U.S. Court of Appeals for the 3rd Circuit said last month that it will consider Wyndham’s appeal after a district court rejected the company’s attempts to have the case dismissed.
The editorial board said it hopes the 3rd Circuit sides with Wyndham.
“The problem with [the FTC’s] reasoning is that the companies targeted by the FTC were the victims of ‘deceptive’ hacking acts,” the editorial board wrote. “But in FTC land they are guilty of an unfair trade practice for failing to have commercially reasonable data security practices for protecting consumers information.”
The editorial pushed back on the agency’s use of its ability to go after “unfair or deceptive practices” without providing guidelines about what constitutes unfair or deceptive practices when it comes to data security.
“Companies have more than ample incentive to deter hacking. … But using nebulous laws to hold companies to unspecified ex post facto standards of data security is an abuse of federal authority,” the editorial said.
In a statement, an FTC spokesman defended the agency while declining to comment on the specific case.
"It is important to note that our efforts in data security are focused not on breaches, but on the commonly known vulnerabilities that cause breaches and the steps businesses can and should take to protect the data that consumers have entrusted to them," the spokesman said.
"When businesses fail to adequately protect that data, the harms to consumers – from identity theft to extensive financial losses – can be very substantial.”
-- This post was updated at 6:04 p.m.