Opinion

Hey “Chicken Littles,” Wyndham Doesn’t Mean the Sky is Falling

By Jeff Kosseff, CIPP/US

Based on the extensive news coverage of this week’s court ruling against Wyndham Hotels and Resorts in its battle with the Federal Trade Commission (FTC), one would think that the sky is falling on efforts to resist FTC enforcement actions relating to data security.

More from Jeff Kosseff

Opinion

IAPP Westin Research Center

In Standoff with FTC, Wyndham Shoots Itself in the Foot

The Federal Trade Commission’s (FTC) resounding victory over Wyndham Worldwide Corporation in a U.S. District Court paves the way for increasing privacy and data security action by the agency, which over the past decade has asserted itself as the most forceful and well-respected privacy enforcement authority in the world.

More from Omer Tene

Opinion

The Global Competition Between Privacy Models

Countries around the world are struggling to decide whether to adopt data protection law based on the proposed EU Data Protection Regulation or to use a U.S. approach to privacy protection. As I observed firsthand during a recent trip to Japan, the result is competition in global data protection policy making, with the European Commission on the one side and the U.S. government on the other side, both lobbying other countries to follow their respective models.

More from Christopher Kuner

The U.S.-EU Privacy Debate: Conventional Wisdom Is Wrong

Everybody knows the conventional wisdom: United States privacy law is weak and fractured, with neither comprehensive data protection legislation nor a dedicated privacy enforcement authority. The European Union is the gold standard of global privacy regulation, with its omnibus Data Protection Directive and collective force of 28 national data protection authorities. But, In fact, far from its caricature as a beat up railcar breathlessly panting behind the EU privacy locomotive, it is the U.S. that drives privacy policymaking worldwide.

More from Omer Tene

Opinion

Is A Criminal Statute Necessary To Supplement a Federal Breach Notification Law?

A few weeks ago, Jason Weinstein introduced Privacy Perspectives readers to Sen. Patrick Leahy’s (D-VT) Personal Data Privacy and Security Act of 2014, a bill that would enact a federal security breach notification law. While Weinstein’s position is well taken and should be considered as this bill moves through Congress, I believe that there is another issue that deserves considerable debate. In addition to creating the federal breach notification law, §102 of Leahy’s bill would open the door to criminal liability for anyone who “intentionally and willfully” conceals the fact of a security breach. Adding criminal liability is not to be taken lightly, and it would be wise for the information privacy and security community to think critically about whether the bill’s criminal statute would be a prudent addition.

More from Andrew Proia