Tech Talk

Recent posts

People today expect to be connected always and everywhere; sometimes it’s hard to believe that there was a world before smartphones and Wi-Fi. In the time since Wi-Fi became ubiquitous in hotels, apartments, and public spaces, it has fueled the evolution of connectivity in a lot of ways. Just like Maslow’s hierarchy of needs, the most basic needs start at the bottom, and you can’t get to the next level without a strong foundation. 

By now, everyone is aware that hotel giant Marriott International announced on Friday a massive data breach that goes back more than four years and may have affected up to 500 million customers worldwide. 

After two years of preparation, the FlyZoo Hotel — a futuristic property that uses interactive technologies to do everything from greet guests to deliver room service — is ready for business. 

Mobile technology is fast becoming central to the entire travel experience. Consumers are increasingly using their smartphones to research trips, book accommodation, check in at the airport, and access their hotel room. But one of the next big roles mobile has to play in the travel process is mobile payment. The idea of an entirely cashless society might still seem some way off, but mobile payment is gaining popularity. As it becomes more widely used, its fast and frictionless nature will bring benefits before, during and after a trip. 

Digital marketing, also known as internet marketing, plays a significant role to boost hotel website traffic and online bookings. Recently, many big announcements were made in the digital industry, for example when Facebook introduced a new video format for marketers, or when Google announced a board core algorithm. If you are a new hotelier and want to stay ahead in the industry, then you should know what’s going on in the hotel digital marketing industry. 
 



want to read more articles like this?

want to read more articles like this?

Sign up to receive our twice-a-month Watercooler and Siegel Sez Newsletters and never miss another article or news story.

x
 

End of Year Review: Privacy and Cybersecurity Law

12/17/2015

This past year saw a number of developments domestically and internationally in the area of privacy and cybersecurity, many of which have had – and will continue to have – a significant impact on the hospitality industry.  From the European Court of Justice’s historic ruling in the Schrems case to the EMV liability shift, the following are four of the most significant legal developments in privacy and cybersecurity law from 2015:

Maximillian Schrems v. Data Protection Commissioner
On October 6, 2015, in a widely reported decision, the European Court of Justice found the U.S. Safe Harbor framework to be invalid.  Safe Harbor had been an agreement established by the United States and the European Union to facilitate the transfer of personal data by U.S. companies between Europe and the United States.  Under Safe Harbor principles, companies could self-certify to having complied with certain data protection principles. More than 4,500 U.S. companies were registered under the Safe Harbor agreement prior to the Court’s decision striking it down. The decision itself raised more questions than it answered, leaving companies that had relied on Safe Harbor to wonder how quickly authorities might seek to enforce compliance with the decision, and how long they might have to seek out alternative methods to comply with European laws relating to the transfer of personal data.  Since the original decision, the European Union Commission issued further guidance, addressing alternative methods for the transmission of data between Europe and the United States that were not invalidated by the Schrems decision.  This decision has had a significant impact on the hospitality industry, and in particular on hotels that operate internationally.  The decision has implications for the transfer of data relating to both employees and guests.  Further guidance is still forthcoming, but in the meantime, hotels must rely on alternative methods for satisfying European data protection laws when they transmit data between Europe and the United States. 

FTC v. Wyndham Worldwide Corporation
The FTC brought this lawsuit against Wyndham after hackers accessed Wyndham’s computer systems and stole personal and financial information relating to hundreds of thousands of customers.  The lawsuit alleged that Wyndham had failed to adequately safeguard its computer network, leading to the breach. Wyndham argued that the FTC’s statutory authority did not extend to the regulation of cybersecurity and that Wyndham did not have fair notice of what cybersecurity practices could subject it to enforcement action by the FTC.  The Third Circuit Court of Appeals rejected Wyndham’s arguments, upholding the FTC’s data protection authority.  The Wyndham decision is significant to the hospitality industry both because it establishes the FTC’s right to take enforcement action against companies like Wyndham for data protection failures, and because the FTC’s claims against Wyndham included a specific list of alleged security failures that businesses can study to better identify some of the standards by which the FTC may judge the adequacy of their data security measures. 

EMV Liability Shift
The long-awaited liability shift for counterfeit credit card fraud between card issuers and merchants occurred in October of 2015.  The liability shift, which was industry-adopted and not dictated by any regulatory entity or legislative mandate, resulted in merchants assuming liability for card-related fraud if they did not replace or upgrade their card acceptance and processing systems to use chip-enabled devices to process payment transactions.  This EMV (EuroPay, Mastercard and Visa) smartcard technology, already in use in many other countries, has the potential to significantly reduce the risk of a breach of customer and guest payment card information, providing an added measure of security to hospitality industry businesses that support it, while also limiting their liability in the event of a breach. 

Class Action Lawsuits
In October 2015, Trump International Hotels Management became the latest victim of the plaintiff’s class action bar, facing a lawsuit stemming from a data breach that occurred between May 2014 and June 2015 in which hackers placed malicious software on payment card systems.  The complaint in Driscoll v. Trump International Hotels Management LLC essentially claims that the Trump organization failed to adhere to industry standard data security practices, resulting in the breach.  This litigation is one in a growing list of class action lawsuits filed across industries as a result of data breaches, including highly publicized lawsuits against Target and Neiman Marcus, among others.  Standing – whether a class of consumers can demonstrate that they suffered a sufficient injury to maintain their lawsuit – continues to be a hotly contested issue in many of these cases, with the Seventh Circuit weighing in this past July in favor of the plaintiffs in Remijas v. Neiman Marcus Group, LLC.  The United States Supreme Court is currently considering a similar standing issue in the context of a Fair Credit Reporting Act class action lawsuit, Spokeo v. Robins, the outcome of which could impact data breach class actions as well.

About The Author
Risa Boerner & Heather Steele




Risa Boerner is a partner in Fisher & Phillips LLP’s Radnor, Pennsylvania office and is the chair of the firm’s Data Security and Workplace Privacy Practice Group.  Heather Steele is an attorney in Fisher & Phillips LLP’s Radnor, Pennsylvania office and is also a member of the firm’s Data Security and Workplace Privacy Practice Group.
 
Heather Steele is an attorney in Fisher & Phillips LLP’s Radnor, Pennsylvania office and is also a member of the firm’s Data Security and Workplace Privacy Practice Group.

 
Comments
Blog post currently doesn't have any comments.
Leave comment



 Security code