data breach

The hotel chain Wyndham Worldwide Corp. has settled data breach charges with the Federal Trade Commission, Reuters' Jonathan Stempel reports. The case was precedent setting because it was a test of the FTC's power to regulate data breaches as unfair or deceptive trade practices.

In the settlement, Wyndham must "establish a comprehensive information security program designed to protect cardholder data including payment card numbers, names and expiration dates," Stempel reports. The regulatory action was taken for breaches in which customers' credit card numbers were stolen.

The Federal Trade Commission has the authority to regulate lax cybersecurity as an unfair business practice, the U.S. Court of Appeals for the Third Circuit has ruled, Bank Info Security's Tracy Kitten reports. Hotel chain Wyndham Worldwide Corp. was sued by the FTC for allegedly having inadequate security measures to protect consumer data, which the agency said violated the FTC Act's unfair business practice provisions.

Cybersecurity attorney Chris Pierson said the case "'is a seminal case for the FTC for the proposition that the FTC has the power and ability to oversee cybersecurity breach issues as the nation's default regulator."'

Jeff Bennion, writing in Above the Law, has a helpful post about the lessons lawyers can learn from the leaked nude photos of Jennifer Lawrence that were apparently hacked out of her iCloud account: "Celebrities with nude photos in their cloud accounts are targets for the same reason lawyers with confidential client files in cloud accounts are: they are easy targets with highly bribable files. Lawyers are mostly clueless when it comes to cybersecurity, yet they use it to store their most valuable information." Bennion suggests that lawyers encrypt their files kept on the cloud in zip files, empty the trash in their cloud storage and make file sharing links temporary. The risk of a data breach, he says, is losing current clients, future clietns and your reputation.

And here's an article I wrote a few months back about the risk hackers pose to law firm's data security: http://www.cultivatedcompendium.com/reporting/risk-hackers-corporate-ame...

The California Court of Appeal has ruled that a healthcare provider did not violate that state's medical confidentiality law when a laptop containing four million patients' medical records was stolen, The Recorder reports. Sutter Medical Foundation could have faced $4 billion in statutory damages. 

The court concluded there could not be liability without evidence that anyone actually looked at the records and the patients' confidentiality was breached, The Recorder also reports.