Kate M. Growley, Justin Kingsolver

Wyndham-FTC Settlement Looks to PCI; Target Consumer Appeals Settlement; Leaders Propose Encryption Commission; Ashley Madison MDL in St. Louis; FTC Commissioner Warns of FCC ISP Overreach; Moms Sue Over Doll’s IoT Capability

Wyndham to Implement PCI-Focused Information Security Program in Settlement with FTC

On Wednesday, the FTC and Wyndham settled a long-standing dispute regarding the hospitality company’s alleged “unfair and deceptive” data security practices, a suit that confirmed the FTC’s authority to regulate in the space.  Wyndham agreed to establish a comprehensive information security program designed to protect payment cardholder data and to conduct regular structural audits of its information security systems – taking cues from the Payment Card Industry Data Security Standard.

Target Consumer Appeals $10M Data Breach Settlement

Californian James Sciaroni has appealed the $10 million consumer class action settlement approved in November by Judge Paul Magnuson.  When Sciaroni objected to the settlement in July, he argued that it “does not adequately compensate the class,” totaling only about 9 cents per class member in compensatory damages, in addition to the information security standards Target accepted.

House Homeland Security Chair Proposes Commission on Encryption and Privacy

On Monday, Rep. Michael McCaul (R-TX), chair of the House Homeland Security Committee, said he plans to introduce legislation to establish a “national commission on security and technology challenges in the Digital Age.”  In the weeks following the Paris terrorist attacks, Rep. McCaul cited “strong indicators” that the gunmen used encryption technology to “communicate in dark space.”  Sen. Dianne Feinstein (D-CA), the Senate Intelligence Ranking Member, has raised similar concerns, calling encryption the Internet’s “Achilles’ heel.”

St. Louis Will Host Ashley Madison Data Breach MDL

The U.S. Judicial Panel on Multidistrict Litigation on Wednesday consolidated five suits into one action before Judge John Ross in the Eastern District of Missouri.  The panel also acknowledged thirteen other actions, in eight federal district courts, arising from the controversial website’s widely-reported data breach in late summer 2015.

FTC’s Ohlhausen Warns Against FCC Over-Enforcement in ISP Privacy Space

In its March 2015 Open Internet Order, the FCC reclassified broadband service providers as “common carriers,” subject to FCC regulation under Title II of the Communications Act—in addition to the FTC scrutiny such firms face.  While some enforcers have suggested having more than one “cop on the privacy beat” benefits consumers, FTC Commissioner Maureen Ohlhausen on Monday warned of the risks of duplicative regulation and asked congressional leaders to resolve the overlap.  

Mattel Faces Privacy Suit over “Hello Barbie” Doll

On Monday, two California mothers sued toymaker Mattel and its partner in Los Angeles County Superior Court, claiming that the doll recorded their daughters without obtaining legally-required consent.  The plaintiffs claim the recording functionality violates the Children’s Online Privacy Protection Act, which imposes obligations on “operators of a Web site or online service directed to children” aged thirteen years or younger.