Aug 26, 2015

How will the FCC’s new efforts to hold companies accountable for lax cybersecurity change how businesses approach the issue?

The FCC went after Wyndham Hotels for repeatedly failing to protect its customers’ data. We see breach after breach, and often it is the result of lax security practices. Could the FCC stepping into the game be the push that companies need to take cybersecurity more seriously?
The FCC has actually been using its authority to hold companies accountable for years; what happened recently is that Wyndham was challenging the authority to do so. The Appellate Court soundly rejected the company's challenge, and rightly so.

What this recent ruling does is affirm the legal authority to hold companies accountable for failing to take reasonable steps to safeguard their customers' data. It doesn't really add anything new other than putting other companies on notice that the FCC does have that authority under the law and can hold them accountable. Whether it will change behavior is a different question. My experience is that many companies don't take security issues nearly seriously enough until a breach occurs, and then it is too late. Maybe the risk of government action against them will nudge them to do what they already should be doing.

