Tech Talk

Recent posts

A great deal has been written over the years about the viability of moving a hotel’s property-management system (PMS) to the cloud to take advantage of the latest technologies, but hoteliers need to realize that it’s not the only viable option. All platforms have advantages, including self-hosted, private cloud and on-premise solutions that leverage the latest mobile, contact free and web-based technologies. Independent operators can still enhance the digital guest experience, support personalized and mobile check-in, deploy contact free technologies, and secure hotel/guest data even if their PMS does not reside in the cloud. It should not be a question of “Cloud or On Premise?” but rather “Does the PMS solve your business objectives in both technology and service?”

Much has been written in the mainstream hospitality press about the challenges COVID-19 has presented to the industry. Hotels are in more pain than at any time in our memories. Because of the extensive media coverage, I won’t dwell on this topic further in what is primarily a technology column. But it’s the background for this week’s column, and so merits acknowledgement.

Are You All In?
Posted: 07/27/2020

Imagine everyone in your organization engaged, aligned, and performing to their potential. Imagine everyone playing “All In.”

Great organizations have synergy. Their culture allows them to play to a rhythm at a different tempo than the average organization. How do you get that at your organization?

Many front-line hospitality workers rely on tips for a significant part of their paychecks. If not for tips, many hotel associates who serve as waitstaff, bartenders, housekeepers, bell staff, concierges and pool attendants would soon be looking for other jobs. This is a regional issue: in most of Asia and Europe, staff get higher base pay, and tips are either not expected at all, or are truly discretionary. But in the U.S., Canada, Britain and other countries, tips are an important reality, and one that’s not likely to change anytime soon.

As somebody who’s helped to grow a company from 13 people to nearly a thousand, I know very well the excitement that comes with having a mindset focused entirely on growth. Every newly acquired customer, every new office and every milestone means the gap between you and your nearest competitor is that much bigger and that much harder to overtake.



want to read more articles like this?

want to read more articles like this?

Sign up to receive our twice-a-month Watercooler and Siegel Sez Newsletters and never miss another article or news story.

x
 

End of Year Review: Privacy and Cybersecurity Law

12/17/2015
by Risa Boerner & Heather Steele

This past year saw a number of developments domestically and internationally in the area of privacy and cybersecurity, many of which have had – and will continue to have – a significant impact on the hospitality industry.  From the European Court of Justice’s historic ruling in the Schrems case to the EMV liability shift, the following are four of the most significant legal developments in privacy and cybersecurity law from 2015:

Maximillian Schrems v. Data Protection Commissioner
On October 6, 2015, in a widely reported decision, the European Court of Justice found the U.S. Safe Harbor framework to be invalid.  Safe Harbor had been an agreement established by the United States and the European Union to facilitate the transfer of personal data by U.S. companies between Europe and the United States.  Under Safe Harbor principles, companies could self-certify to having complied with certain data protection principles. More than 4,500 U.S. companies were registered under the Safe Harbor agreement prior to the Court’s decision striking it down. The decision itself raised more questions than it answered, leaving companies that had relied on Safe Harbor to wonder how quickly authorities might seek to enforce compliance with the decision, and how long they might have to seek out alternative methods to comply with European laws relating to the transfer of personal data.  Since the original decision, the European Union Commission issued further guidance, addressing alternative methods for the transmission of data between Europe and the United States that were not invalidated by the Schrems decision.  This decision has had a significant impact on the hospitality industry, and in particular on hotels that operate internationally.  The decision has implications for the transfer of data relating to both employees and guests.  Further guidance is still forthcoming, but in the meantime, hotels must rely on alternative methods for satisfying European data protection laws when they transmit data between Europe and the United States. 

FTC v. Wyndham Worldwide Corporation
The FTC brought this lawsuit against Wyndham after hackers accessed Wyndham’s computer systems and stole personal and financial information relating to hundreds of thousands of customers.  The lawsuit alleged that Wyndham had failed to adequately safeguard its computer network, leading to the breach. Wyndham argued that the FTC’s statutory authority did not extend to the regulation of cybersecurity and that Wyndham did not have fair notice of what cybersecurity practices could subject it to enforcement action by the FTC.  The Third Circuit Court of Appeals rejected Wyndham’s arguments, upholding the FTC’s data protection authority.  The Wyndham decision is significant to the hospitality industry both because it establishes the FTC’s right to take enforcement action against companies like Wyndham for data protection failures, and because the FTC’s claims against Wyndham included a specific list of alleged security failures that businesses can study to better identify some of the standards by which the FTC may judge the adequacy of their data security measures. 

EMV Liability Shift
The long-awaited liability shift for counterfeit credit card fraud between card issuers and merchants occurred in October of 2015.  The liability shift, which was industry-adopted and not dictated by any regulatory entity or legislative mandate, resulted in merchants assuming liability for card-related fraud if they did not replace or upgrade their card acceptance and processing systems to use chip-enabled devices to process payment transactions.  This EMV (EuroPay, Mastercard and Visa) smartcard technology, already in use in many other countries, has the potential to significantly reduce the risk of a breach of customer and guest payment card information, providing an added measure of security to hospitality industry businesses that support it, while also limiting their liability in the event of a breach. 

Class Action Lawsuits
In October 2015, Trump International Hotels Management became the latest victim of the plaintiff’s class action bar, facing a lawsuit stemming from a data breach that occurred between May 2014 and June 2015 in which hackers placed malicious software on payment card systems.  The complaint in Driscoll v. Trump International Hotels Management LLC essentially claims that the Trump organization failed to adhere to industry standard data security practices, resulting in the breach.  This litigation is one in a growing list of class action lawsuits filed across industries as a result of data breaches, including highly publicized lawsuits against Target and Neiman Marcus, among others.  Standing – whether a class of consumers can demonstrate that they suffered a sufficient injury to maintain their lawsuit – continues to be a hotly contested issue in many of these cases, with the Seventh Circuit weighing in this past July in favor of the plaintiffs in Remijas v. Neiman Marcus Group, LLC.  The United States Supreme Court is currently considering a similar standing issue in the context of a Fair Credit Reporting Act class action lawsuit, Spokeo v. Robins, the outcome of which could impact data breach class actions as well.

About The Author
Risa Boerner & Heather Steele




Risa Boerner is a partner in Fisher & Phillips LLP’s Radnor, Pennsylvania office and is the chair of the firm’s Data Security and Workplace Privacy Practice Group.  Heather Steele is an attorney in Fisher & Phillips LLP’s Radnor, Pennsylvania office and is also a member of the firm’s Data Security and Workplace Privacy Practice Group.
 
Heather Steele is an attorney in Fisher & Phillips LLP’s Radnor, Pennsylvania office and is also a member of the firm’s Data Security and Workplace Privacy Practice Group.

 
Comments
Blog post currently doesn't have any comments.
Leave comment



 Security code