The 3rd U.S. Circuit Court of Appeals ruled in favor of the FTC in the agency’s privacy case against Wyndham Worldwide, Circuit Judge Thomas Ambro wrote in a decision Monday. Other circuit judges included Jane Roth and Anthony Scirica. After Wyndham’s computer systems were breached three times in 2008 and 2009 by hackers, resulting in hundreds of thousands of consumers having their personal and financial information stolen, the FTC alleged that Wyndham’s conduct was unfair and its privacy policy was deceptive. A federal district court denied Wyndham’s motion to dismiss the lawsuit. The 3rd Circuit granted interlocutory appeal on two issues: Whether the FTC has authority to regulate cybersecurity under the unfairness prong of its Section 5 authority and whether Wyndham had fair notice from the FTC that its cybersecurity practices fell short. Ultimately, the appeals court sided with the FTC. “The three requirements in § 45(n) may be necessary rather than sufficient conditions of an unfair practice, but we are not persuaded that any other requirements proposed by Wyndham pose a serious challenge to the FTC’s claim here,” Ambro wrote. “Wyndham repeatedly argued there is no FTC interpretation of § 45(a) or (n) to which the federal courts must defer in this case, and, as a result, the courts must interpret the meaning of the statute as it applies to Wyndham’s conduct in the first instance,” he said. “Thus, Wyndham cannot argue it was entitled to know with ascertainable certainty the cybersecurity standards by which the FTC expected it to conform,” Ambro said. “Instead, the company can only claim that it lacked fair notice of the meaning of the statute itself -- a theory it did not meaningfully raise and that we strongly suspect would be unpersuasive under the facts of this case.” Wyndham had no immediate comment. The ruling “reaffirms the FTC’s authority to hold companies accountable for failing to safeguard consumer data,” FTC Chairwoman Edith Ramirez said. “It is not only appropriate, but critical, that the FTC has the ability to take action on behalf of consumers when companies fail to take reasonable steps to secure sensitive consumer information.”
LG’s G Watch R becomes Wi-Fi capable with the most recent Android Wear update, allowing users to receive notifications and other information without a Bluetooth connection, said LG Friday. Over the next several days, LG’s G Watch, G Watch R and Watch Urbane will receive the Firmware Over-the-Air update, said the company. All three smartwatches will support interactive watch faces available from Google Play. With the interactive faces, users can tap on specific areas of the display to see additional information, said the company. The latest update also will allow LG Android Wear devices to support app-specific functions such as displaying a four-day weather forecast or performing translations in multiple foreign languages on the watch itself without having to use a connected phone, said the company.
Spotify CEO Daniel Ek issued an apology to users Friday for the confusion its new terms and conditions and privacy policy (see 1508180012) have caused, particularly on what kinds of information the streaming music service accesses and what the company does with the data. In its new privacy policy, Spotify asks permission to access photos, mobile device location, voice controls and contacts, Ek wrote in a blog post. “If you don’t want to share this kind of information, you don’t have to.” The information will be used to allow users to customize their experience, he said. The new privacy policy will be updated to reflect the additional explanations Ek provided, he said.
A year after Yelp publicized its gender and ethnic diversity data, the company has had a 124 percent growth rate in the number of women in engineering globally, an 86 percent growth rate in the number of African-Americans/black employees in the U.S., and an 88 percent growth rate in the number of Hispanics/Latinos in the country, Head-Diversity and Inclusion Rachel Williams wrote in a blog post Thursday. “We’re proud of what we’ve been able to accomplish over the course of a year,” Williams said. “My vision for diversity and inclusion is to be less tethered to specific numbers and to be more focused on ensuring that Yelp continues to be a 'Best Place to Work' for all of our employees, no matter their age, sexual orientation, race, ethnicity, disability or economic status.” To help create an inclusive environment, Yelp is offering unconscious bias training, working with community organizations and nonprofits, and has elevated employee-driven and grassroots groups, Williams said. Yelp recruiters have been encouraged to recruit from underrepresented communities, she said.
The Education Department is seeking public input on its draft guidance on protecting student medical privacy, wrote its Chief Privacy Officer Kathleen Styles in a blog post this week. “Recently, the Department has been asked if it is possible and/or appropriate for campus officials to share confidential medical records from on-campus services with university attorneys in the context of litigation between a university and a student,” Styles wrote. This sharing is potentially “allowable” if the university attorneys have a “legitimate educational interest” in the records, she said. But sharing a student’s sensitive medical records “may discourage the use of medical services provided on campus,” Styles said. Citing the Health Insurance Portability and Accountability Act, Styles said the department wants to “set the expectation that, with respect to litigation between institutions of higher education and students, institutions generally should not share student medical records with school attorneys or courts, without a court order or written consent.” Litigation directly related to the medical treatment itself or to the payment of medical treatment would be exempt, she said. Public comments on the proposed guidance will be accepted until Oct. 2.
ICANN has “every expectation” it will be able to complete the ongoing Internet Assigned Numbers Authority (IANA) transition process before its contract with NTIA expires Sept. 30, 2016, ICANN CEO Fadi Chehadé said Thursday during a conference call. NTIA said Monday that it intends to extend its contract with ICANN to administer the IANA functions a full year beyond the existing Sept. 30, 2015, contract deadline to allow additional time to plan and execute the transition. That extension provides some additional breathing room for the IANA transition but doesn’t leave much time for additional delays, stakeholders told us (see 1508190064). Any further extension beyond Sept. 30, 2016, would be problematic because it would cause uncertainty among ICANN stakeholders about the IANA transition’s future, given that the extended deadline will occur so close to the 2016 presidential election, Chehadé said. The election itself shouldn’t “have a direct impact” on the IANA transition because of the “almost complete consensus” among members of Congress about the transition’s value, he said.
Some particularly onerous reporting requirements "are tangible and significant" enough that the small-provider exemption to the updated transparency rules adopted in the FCC 2015 net neutrality order should be made permanent, the American Cable Association said in an ex parte filing posted Thursday in docket 14-28. It detailed a meeting that ACA staff including Ross Lieberman, senior vice president-government affairs, had with Consumer and Government Affairs Bureau staffers to elaborate on the ACA's position (see 1508060057). Collecting and disclosing information regarding various network practices such as use of filters and other means of addressing congestion, "would be burdensome, particularly because traffic management practices change as traffic types and patterns evolve," ACA said. Similarly, directly notifying customers about usage triggers "would burden smaller providers, particularly those that do not have automated notification systems in place," ACA said. While not objecting to the general obligation of notifying customers about network practices, ACA said smaller ISPs "should have flexibility in determining the specific information to be provided and how it should be disclosed."
Adobe released a security update to address a vulnerability that may allow a remote attacker to obtain sensitive information from an affected system, said an alert from the U.S. Computer Emergency Readiness Team Tuesday. The security updates are for LiveCycle Data Services versions 4.7, 4.6.2, 4.5 and 3.0x, the alert said. Microsoft also released a critical security update to address a vulnerability in Internet Explorer, said a U.S. Computer Emergency Readiness Team alert Wednesday. Exploitation of the vulnerability could allow a remote attacker to take control of an affected system if the user viewed a specially crafted webpage, it said.
Voxx International will create an “acquiring entity” to buy a majority stake in EyeLock, an iris authentication technology supplier, Voxx said in a Wednesday announcement. EyeLock has developed “a portfolio of biometric solutions based on iris authentication with more than 70 patents and patents pending,” Voxx said. Its technology “provides an unprecedented level of convenience and security with biometric accuracy, making it the most proven way to authenticate one's identity aside from DNA,” it said. EyeLock’s “advances” in iris authentication have made it possible to use “this highly secure technology” across “a broad array” of consumer and business-to-business IoT applications, “without compromising accuracy or ease-of-use,” Voxx said. Terms weren’t disclosed.
A subsidiary of Seagate Technology agreed to buy software and hardware storage systems supplier Dot Hill Systems in a cash transaction valued at $694 million, Seagate said in a news release Tuesday. Dot Hill's board unanimously approved the transaction, which is expected to close in Q4 pending regulatory approval, the release said.