Court Decision Sets “Binding and Persuasive Precedent” Regarding FTC Authority to Police Data Security Practices 

The Federal Trade Commission is becoming even more interested in policing and enforcing standards for protecting consumers within the context of health information privacy and security. And, for the moment, it is receiving permission to do just that. IAPP provided some terrific coverage!

From the IAPP:

This week, a federal court in New Jersey shot down a challenge to the Federal Trade Commission (FTC) by Wyndham Hotels. In a motion to dismiss, Wyndham argued the FTC overstepped its authority by suing the company for poor data security practices. The ruling by U.S. District Court Judge Esther Salas, however, denied the hotel chain’s argument, saying the case can move forward.

Salas noted her ruling “does not give the FTC a blank check to sustain a lawsuit against every business that has been hacked” but added there is “binding and persuasive precedent” upholding the FTC’s authority.

FTC Chairwoman Edith Ramirez and Commissioner Julie Brill took to Twitter to applaud the court ruling. (Read more from the IAPP.)

The FTC Seems to be Making Themselves Comfortable in this Space

Another company, LabMD, recently shut down operations over the FTC’s investigation and is also challenging FTC authority/jurisdiction.

It appears the courts are paving the way for the FTC to be a full-fledged enforcer of data security. It also seems the FTC has no intention of slowing its pursuit of companies who fail to adequately protect consumer healthcare data. The stakes for HIPAA compliance just got a lot higher as a result.



Bob Chaput

CEO at Clearwater Compliance
Bob Chaput is widely recognized for his extensive and in-depth knowledge of healthcare compliance and cyber risk management, and is one of the industry’s leading authorities in healthcare information security today. As a leading authority safeguarding health data, Chaput has supported hundreds of hospitals and health systems to successfully manage healthcare’s evolving cybersecurity threats and ensure patient safety.