Co-authored by ctito
On April 7, 2014, the District Court in New Jersey allowed the FTC to proceed with its suit against a franchisor hotel chain alleging unfair and deceptive trade practices in connection with the Defendants’ failure to maintain reasonable and appropriate data security for consumers’ sensitive personal information. While the case is far from over, it has far reaching implications for franchisors and franchisees relating to independence between franchisor and franchisee, liability for one another’s actions and data security issues. This is part one of a three-part series touching on these issues – next will be implementing a data breach plan and the third will address vicarious liability.
The Court ignored the traditional franchisor/franchisee relationship in the context of a motion to dismiss the complaint (which addresses the sufficiency of the allegations in the complaint and not the substantive legal issues) and found that the FTC has the authority to regulate a franchisor’s failure to maintain reasonable and appropriate data security; the FTC adequately pled “substantial injury to consumers” requirement; and the FTC pled deceptive practices.
The suit could have far reaching implications as to the traditional independence between franchisor and franchisee not only in terms of data protection but labor and employment or other areas of the law.