Court Decision Sets “Binding and Persuasive Precedent” Regarding FTC Authority to Police Data Security Practices
The Federal Trade Commission is becoming even more interested in policing and enforcing standards for protecting consumers within the context of health information privacy and security. And, for the moment, it is receiving permission to do just that. IAPP provided some terrific coverage!
From the IAPP:
This week, a federal court in New Jersey shot down a challenge to the Federal Trade Commission (FTC) by Wyndham Hotels. In a motion to dismiss, Wyndham argued the FTC overstepped its authority by suing the company for poor data security practices. The ruling by U.S. District Court Judge Esther Salas, however, denied the hotel chain’s argument, saying the case can move forward.
Salas noted her ruling “does not give the FTC a blank check to sustain a lawsuit against every business that has been hacked” but added there is “binding and persuasive precedent” upholding the FTC’s authority.
FTC Chairwoman Edith Ramirez and Commissioner Julie Brill took to Twitter to applaud the court ruling. (Read more from the IAPP.)
The FTC Seems to be Making Themselves Comfortable in this Space
Another company, LabMD, recently shut down operations over the FTC’s investigation and is also challenging FTC authority/jurisdiction.
It appears the courts are paving the way for the FTC to be a full-fledged enforcer of data security. It also seems the FTC has no intention of slowing its pursuit of companies who fail to adequately protect consumer healthcare data. The stakes for HIPAA compliance just got a lot higher as a result.
Latest posts by Bob Chaput (see all)
- HIPAA Risk Analysis Tip – What Level of Detail is Adequate? - April 29, 2017
- HIPAA Risk Analysis Tip – How Comprehensive Must Your HIPAA Security Risk Analysis Be? - April 25, 2017
- HIPAA Risk Analysis Tip – Does OCR really use the “Guidance on Risk Analysis Requirements under the HIPAA Security Rule”? - April 23, 2017