On August 24, 2015, the U.S. Court of Appeals for the Third Circuit upheld a district court decision allowing the FTC’s data breach lawsuit against Wyndham Hotels & Resorts to go forward. The unanimous appeals court panel held that (1) FTC has authority to regulate cybersecurity breaches under the “unfairness” prong of § 5 of the FTC Act and (2) Wyndham had fair notice that its specific cybersecurity practices could fall short of that provision. The decision was a setback for WLF, which argued in a brief filed in support of Wyndham that because the FTC has never promulgated data-security standards, neither Wyndham nor any other member of the business community has any way to know beforehand what the FTC considers to be an “unreasonable” data-security measure. WLF also argued that the FTC’s enforcement approach fails to satisfy the constitutional requirement that defendants be given fair notice of conduct that can subject them to punishment before they are found liable.