
LifeLock, Ashley Madison and Wyndham – Court Rejecting Wyndham’s Challenge is Bigger than One Case

08/26/2015
by Marion Roger

Those following the FTC Wyndham case just heard that the federal court rejected Wyndham’s challenge of the FTC’s authority to enforce data security as an unfair trade practice. In its original lawsuit, the FTC accused Wyndham of a long litany of privacy fails, from storing unencrypted credit card information to lacking firewalls to using easily-guessed passwords.

The implications of this recent decision are far-reaching. The basis for this suit is that consumers felt safe doing business with Wyndham based in part on a promise made that their data was safe. The FTC also went after LifeLock for the same reason. The FTC charged that LifeLock’s data was not encrypted, and sensitive consumer information was viewable to more employees than only those on a “need to know” basis. In fact, the agency charged, LifeLock’s data system was vulnerable and could have been exploited by those seeking access to customer information. LifeLock lost that case.

Since the mid-1990s, the FTC has been enforcing Section 5 of the FTC Act, 15 U.S.C. § 45, in instances involving privacy and data security. Section 5 prohibits “unfair or deceptive acts or practices in or affecting commerce.” During the past 15-20 years, the FTC has brought about 180 enforcement actions, the vast majority of which have settled. The key to the FTC’s argument is clear: deception and unfairness are valid bases for FTC enforcement. Wyndham was one of the exceptions; instead of settling, it challenged the FTC’s authority to enforce data security as an unfair trade practice.

To better grasp unfair trade practice, think about the way the recent hackers of Ashley Madison justified their actions. Supposedly the motivation for the Ashley Madison hack was to punish the company for promising subscribers that they were not vulnerable (as did LifeLock) and for accepting money to wipe out their data even though the data was never wiped out. Whether you agree with the right to privacy of users of that site or with the hackers’ activist data dump, the reality is that a company made (lots of) money based on a promise that it knew could not be kept, and thus it is seen as deceiving its subscriber base into a false sense of security.

With Wyndham, they were breached three different times… The FTC's view was that the company had not taken the steps that are considered standard and reasonable to protect the data.

This and the 7th Circuit’s recent decision about Neiman Marcus dovetail nicely because actual injury, should the data get into the wrong hands, no longer has to happen for someone to have been victimized. I want to reiterate one great line from the ruling: “And the FTC Act expressly contemplates the possibility that conduct can be unfair before actual injury occurs.” This line is key, as “actual injury” (or harm) is often a basis for many courts to dismiss privacy and data security cases. The court makes clear here that “substantial injury” for FTC Act unfairness does not require actual injury. The FTC Act protects consumers against reasonably foreseeable harms when a company’s conduct facilitates these harms — even when a company’s conduct might not be “the most proximate cause of an injury.”

The takeaway? The assurances given to consumers about how you protect their information are subject to scrutiny under the law: they are compared with the ways you actually protect the data and with whether you are going above and beyond the minimums ‘required’ by industry standards such as PCI DSS. If the government feels consumers have been ‘misled’ (and, as we can see in cases like LifeLock and Ashley Madison, they have), the FTC will be all over you like white on rice.

About The Author
Marion Roger
VP Business Development
Hospitality E Resources


Marion Roger, vice president of Hospitality E Resources (HER Consulting), is a specialist in the hospitality supply chain landscape who is currently leading an industry initiative to support guest data security and has developed a hotel-focused training curriculum on PII protection. With a speciality focus on electronic reservation systems, payment technology protection and data security, Marion is a regular on the speaker circuit and contributor to Hospitality Upgrade on these key topics.

 