
LifeLock, Ashley Madison and Wyndham – Court Rejecting Wyndham’s Challenge is Bigger than One Case

08/26/2015
by Marion Roger

Those following the FTC Wyndham case just heard that the federal court rejected Wyndham’s challenge of the FTC’s authority to enforce data security as an unfair trade practice. In its original lawsuit, the FTC accused Wyndham of a long litany of privacy fails, from storing unencrypted credit card information to lacking firewalls to using easily-guessed passwords.

The implications of this recent decision are far-reaching. The basis for this suit is that consumers felt safe doing business with Wyndham based in part on a promise made that their data was safe. The FTC also went after LifeLock for the same reason. The FTC charged that LifeLock’s data was not encrypted, and sensitive consumer information was viewable to more employees than only those on a “need to know basis.” In fact, the agency charged, LifeLock’s data system was vulnerable and could have been exploited by those seeking access to customer information. LifeLock lost that case.

Since the mid-1990s, the FTC has been enforcing Section 5 of the FTC Act, 15 U.S.C. § 45, in instances involving privacy and data security. Section 5 prohibits “unfair or deceptive acts or practices in or affecting commerce.” During the past 15-20 years, the FTC has brought about 180 enforcement actions, the vast majority of which have settled. The key to the FTC’s argument is clear: deception and unfairness are valid bases for FTC enforcement. Wyndham was one of the exceptions; instead of settling, it challenged the FTC’s authority to enforce data security as an unfair trade practice.

To better grasp unfair trade practice, think about the way the recent hackers of Ashley Madison justified their actions. Supposedly the motivation for the Ashley Madison hack was to punish the company for promising subscribers that they were not vulnerable (as did LifeLock) and for accepting money to wipe out their data even though the data was never wiped out. Whether you agree with the right to privacy of users of that site or with the hackers’ activist data dump, the reality is that a company made (lots of) money based on a promise that it knew could not be kept, and thus it is seen as deceiving its subscriber base into a false sense of security.

With Wyndham, they were breached three different times… The FTC's view was that the company had not taken the steps that are considered standard and reasonable to protect the data.

This ruling and the 7th Circuit’s recent decision about Neiman Marcus dovetail nicely because actual injury, should the data get into the wrong hands, no longer has to happen for someone to have been victimized. I want to reiterate one great line from the ruling: “And the FTC Act expressly contemplates the possibility that conduct can be unfair before actual injury occurs.” This line is key, as “actual injury” (or harm) is often a basis for many courts to dismiss privacy and data security cases. The court makes clear here that “substantial injury” for FTC Act unfairness does not require actual injury. The FTC Act protects consumers against reasonably foreseeable harms when a company’s conduct facilitates these harms — even when a company’s conduct might not be “the most proximate cause of an injury.”

The takeaway? The assurances you give consumers about how you protect their information are subject to scrutiny under the law. They will be compared with the ways you actually protect the data, and with whether you are going above and beyond the minimums ‘required’ by industry standards such as PCI DSS. If the government feels consumers have been ‘misled’, and as we can see in cases like LifeLock and Ashley Madison, they have, the FTC will be all over you like white on rice.

About The Author
Marion Roger
President
HRH Services LLC


Marion Roger is a specialist in the hospitality supply chain landscape who has led an industry initiative to support guest data security and has developed a hotel-focused training curriculum on PII protection. With a specialty focus on electronic reservation systems, payment technology protection and data security, Marion is a regular on the speaker circuit and contributor to Hospitality Upgrade on these key topics.

 