The FTC has settled a lawsuit with the hotel company Wyndham over a series of data breaches that turned into a major test of the agency’s regulatory power. Under the agreement, Wyndham will not have to pay a fine or admit that it broke the law, but will have to institute “a comprehensive information security program” to stop future data breaches.
The agency first sued Wyndham in 2012, saying that lax security standards had paved the way for three data breaches that exposed information on hundreds of thousands of customers. Wyndham argued that the FTC didn’t have the authority to regulate cyber security standards. That claim led to a lengthy court battle, which eventually concluded with an appeals court ruling this year that the FTC did, in fact, have that authority — a decision the FTC will likely point to as it makes similar cases in the future.
This article originally appeared on Recode.net.