Key takeaways:

• The FTC was authorized to proceed with a lawsuit alleging that insufficient data-security practices at Wyndham were unfair to consumers, rejecting the hotel chain’s arguments that the agency’s authority to pursue “unfair” business practices does not extend to claims of inadequate data security.
• With state attorneys general and the class action bar also on the case, companies are well-served to constantly review and update their data security practices against the latest threats, or face claims that they violated the law by leaving corporate systems vulnerable to hacking.