First Observations about the Wyndham Settlement

The Wyndham case has settled. Here are several observations about the settlement:

  1. If Wyndham obtains a clean PCI-DSS assessment, Wyndham enjoys a presumption that it is in compliance with the requirement to have a “comprehensive information security program.” The presumption is important, because it is in effect a safe harbor from civil penalty/contempt actions. The FTC will have to go to court and overcome that presumption.
  2. Wyndham’s presumption can be invalidated if 1) Wyndham made a misrepresentation to the assessor or 2) Wyndham changed its technical architecture. Both 1 & 2 are important, meaningful exceptions. No mens rea requirement is attached to the misrepresentation exception, so presumably any misrepresentation, including one made without fraudulent intent, would suffice. Also, companies do change their architecture in order to game assessments.
  3. The FTC did not secure much “fencing in” relief. The order principally pertains to card data security, despite labeling it a “comprehensive information security program.”
  4. Wyndham negotiated different treatment for its franchise hotels.
  5. It looks as though properties that Wyndham sells are no longer subject to the order.
  6. On the upside, in negotiating this settlement, the FTC has elevated its assessment standards in a sense. PCI, for all its problems, looks more like a standard that can be audited against, rather than “assertions” that are “assessed” in other privacy/security cases.