This past year saw a number of developments domestically and internationally in the area of privacy and cybersecurity, many of which have had – and will continue to have – a significant impact on the hospitality industry. From the European Court of Justice’s historic ruling in the Schrems case to the EMV liability shift, the following are four of the most significant legal developments in privacy and cybersecurity law from 2015:
Maximillian Schrems v. Data Protection Commissioner
On October 6, 2015, in a widely reported decision, the European Court of Justice found the U.S. Safe Harbor framework to be invalid. Safe Harbor had been an agreement established by the United States and the European Union to facilitate the transfer of personal data by U.S. companies between Europe and the United States. Under Safe Harbor principles, companies could self-certify to having complied with certain data protection principles. More than 4,500 U.S. companies were registered under the Safe Harbor agreement prior to the Court’s decision striking it down. The decision itself raised more questions than it answered, leaving companies that had relied on Safe Harbor to wonder how quickly authorities might seek to enforce compliance with the decision, and how long they might have to seek out alternative methods to comply with European laws relating to the transfer of personal data. Since the original decision, the European Union Commission has issued further guidance addressing alternative methods for the transmission of data between Europe and the United States that were not invalidated by the Schrems decision. This decision has had a significant impact on the hospitality industry, and in particular on hotels that operate internationally, because it affects the transfer of data relating to both employees and guests. Further guidance is still forthcoming, but in the meantime, hotels must rely on those alternative methods to satisfy European data protection laws when they transmit data between Europe and the United States.
FTC v. Wyndham Worldwide Corporation
The FTC brought this lawsuit against Wyndham after hackers accessed Wyndham’s computer systems and stole personal and financial information relating to hundreds of thousands of customers. The lawsuit alleged that Wyndham had failed to adequately safeguard its computer network, leading to the breach. Wyndham argued that the FTC’s statutory authority did not extend to the regulation of cybersecurity and that Wyndham did not have fair notice of what cybersecurity practices could subject it to enforcement action by the FTC. The Third Circuit Court of Appeals rejected Wyndham’s arguments, upholding the FTC’s data protection authority. The Wyndham decision is significant to the hospitality industry both because it establishes the FTC’s right to take enforcement action against companies like Wyndham for data protection failures, and because the FTC’s claims against Wyndham included a specific list of alleged security failures that businesses can study to better identify some of the standards by which the FTC may judge the adequacy of their data security measures.
EMV Liability Shift
The long-awaited liability shift for counterfeit credit card fraud between card issuers and merchants occurred in October of 2015. The liability shift, which was industry-adopted and not dictated by any regulatory entity or legislative mandate, resulted in merchants assuming liability for card-related fraud if they did not replace or upgrade their card acceptance and processing systems to use chip-enabled devices to process payment transactions. This EMV (Europay, Mastercard and Visa) smartcard technology, already in use in many other countries, has the potential to significantly reduce the risk of a breach of customer and guest payment card information, providing an added measure of security to hospitality industry businesses that support it, while also limiting their liability in the event of a breach.
Class Action Lawsuits
In October 2015, Trump International Hotels Management became the latest target of the plaintiffs’ class action bar, facing a lawsuit stemming from a data breach that occurred between May 2014 and June 2015 in which hackers placed malicious software on payment card systems. The complaint in Driscoll v. Trump International Hotels Management LLC essentially claims that the Trump organization failed to adhere to industry standard data security practices, resulting in the breach. This litigation is one in a growing list of class action lawsuits filed across industries as a result of data breaches, including highly publicized lawsuits against Target and Neiman Marcus, among others. Standing – whether a class of consumers can demonstrate that they suffered a sufficient injury to maintain their lawsuit – continues to be a hotly contested issue in many of these cases, with the Seventh Circuit weighing in this past July in favor of the plaintiffs in Remijas v. Neiman Marcus Group, LLC. The United States Supreme Court is currently considering a similar standing issue in the context of a Fair Credit Reporting Act class action lawsuit, Spokeo v. Robins, the outcome of which could affect data breach class actions as well.