Wouldn’t it be nice if the enforcers of federal laws we pay to protect us from those who would undermine our security and privacy offered us the same full and fair disclosures they expect of others? Perhaps that’s too much to hope for, of course, when the agency that issued the complaint against LabMD and is about to overturn its own Chief ALJ’s initial decision dismissing that complaint announces its settlement with Wyndham as a victory. Since you are about to be hit with hundreds of articles and law firm alerts telling you about the affirmation of the FTC’s power that the Wyndham settlement represents, I am going to try as always to bring you a little plain yet unspoken sub rosa truth omitted from the FTC announcement and probably from those articles and alerts:
For whatever reason — it thought the FTC would win, was tired of paying what must have been sky-high legal bills, was tired of being dragged through the mud, whatever — Wyndham signed the settlement document on October 19th, and its counsel signed on October 29th. Thus Friday the 13th of November — when the FTC’s Chief ALJ issued his stunning, important decision repudiating the FTC’s interpretation of Section 5(n) of the FTC Act as it relates to reasonable data security — was arguably almost as unlucky a Friday the 13th for Wyndham as it was for the FTC. Or at least that is something Wyndham can think about — as the FTC’s almost-certain ruling against its own Chief ALJ in LabMD finally makes it into the Article III courts — and then for the next 20 years.