Tech Talk

Recent posts

Enterprise System Pitfalls: Summary
Today I’m wrapping up a series of posts on the broad topic of Enterprise System Pitfalls. In this series, my hope was to help shed light on the primary problems that cause us to miss budgets, fall short on capabilities, or completely fail when implementing an enterprise system. 

The Year in Review
As 2019 comes to a close, it’s time to count our blessings. One of mine has been the privilege (and fun!) of being able to reach out to so many interesting companies and get them to tell me what they’re doing that’s different, disruptive, and game-changing. The list of things I have to write about in future columns has only gotten longer in the nine months since I started writing this column.

Sustainable Innovation
Sustainability can yield multiple benefits to hotels. Saving energy and water yields direct cost savings. Revenue can be generated by guests who prefer to deal with businesses that minimize their environmental impact. And many would argue that conserving scarce resources is simply the right thing to do.

Meetings Innovation
The sale and delivery of groups and meetings is perhaps the most significant and under-automated functions for many hotels. Even though groups often account for 30% to 60% of revenue, most group bookings are still handled manually for most if not all of steps, as they move from a meeting planner’s research to a confirmed booking.

The biggest enemy to any system is complexity. In a system of inputs and outputs, such as an enterprise system, more complexity means more parts are used in interaction with inputs to create the outputs. Every part that must be built and maintained costs time and money

want to read more articles like this?

want to read more articles like this?

Sign up to receive our twice-a-month Watercooler and Siegel Sez Newsletters and never miss another article or news story.


End of Year Review: Privacy and Cybersecurity Law

by Risa Boerner & Heather Steele

This past year saw a number of developments domestically and internationally in the area of privacy and cybersecurity, many of which have had – and will continue to have – a significant impact on the hospitality industry.  From the European Court of Justice’s historic ruling in the Schrems case to the EMV liability shift, the following are four of the most significant legal developments in privacy and cybersecurity law from 2015:

Maximillian Schrems v. Data Protection Commissioner
On October 6, 2015, in a widely reported decision, the European Court of Justice found the U.S. Safe Harbor framework to be invalid.  Safe Harbor had been an agreement established by the United States and the European Union to facilitate the transfer of personal data by U.S. companies between Europe and the United States.  Under Safe Harbor principles, companies could self-certify to having complied with certain data protection principles. More than 4,500 U.S. companies were registered under the Safe Harbor agreement prior to the Court’s decision striking it down. The decision itself raised more questions than it answered, leaving companies that had relied on Safe Harbor to wonder how quickly authorities might seek to enforce compliance with the decision, and how long they might have to seek out alternative methods to comply with European laws relating to the transfer of personal data.  Since the original decision, the European Union Commission issued further guidance, addressing alternative methods for the transmission of data between Europe and the United States that were not invalidated by the Schrems decision.  This decision has had a significant impact on the hospitality industry, and in particular on hotels that operate internationally.  The decision has implications for the transfer of data relating to both employees and guests.  Further guidance is still forthcoming, but in the meantime, hotels must rely on alternative methods for satisfying European data protection laws when they transmit data between Europe and the United States. 

FTC v. Wyndham Worldwide Corporation
The FTC brought this lawsuit against Wyndham after hackers accessed Wyndham’s computer systems and stole personal and financial information relating to hundreds of thousands of customers.  The lawsuit alleged that Wyndham had failed to adequately safeguard its computer network, leading to the breach. Wyndham argued that the FTC’s statutory authority did not extend to the regulation of cybersecurity and that Wyndham did not have fair notice of what cybersecurity practices could subject it to enforcement action by the FTC.  The Third Circuit Court of Appeals rejected Wyndham’s arguments, upholding the FTC’s data protection authority.  The Wyndham decision is significant to the hospitality industry both because it establishes the FTC’s right to take enforcement action against companies like Wyndham for data protection failures, and because the FTC’s claims against Wyndham included a specific list of alleged security failures that businesses can study to better identify some of the standards by which the FTC may judge the adequacy of their data security measures. 

EMV Liability Shift
The long-awaited liability shift for counterfeit credit card fraud between card issuers and merchants occurred in October of 2015.  The liability shift, which was industry-adopted and not dictated by any regulatory entity or legislative mandate, resulted in merchants assuming liability for card-related fraud if they did not replace or upgrade their card acceptance and processing systems to use chip-enabled devices to process payment transactions.  This EMV (EuroPay, Mastercard and Visa) smartcard technology, already in use in many other countries, has the potential to significantly reduce the risk of a breach of customer and guest payment card information, providing an added measure of security to hospitality industry businesses that support it, while also limiting their liability in the event of a breach. 

Class Action Lawsuits
In October 2015, Trump International Hotels Management became the latest victim of the plaintiff’s class action bar, facing a lawsuit stemming from a data breach that occurred between May 2014 and June 2015 in which hackers placed malicious software on payment card systems.  The complaint in Driscoll v. Trump International Hotels Management LLC essentially claims that the Trump organization failed to adhere to industry standard data security practices, resulting in the breach.  This litigation is one in a growing list of class action lawsuits filed across industries as a result of data breaches, including highly publicized lawsuits against Target and Neiman Marcus, among others.  Standing – whether a class of consumers can demonstrate that they suffered a sufficient injury to maintain their lawsuit – continues to be a hotly contested issue in many of these cases, with the Seventh Circuit weighing in this past July in favor of the plaintiffs in Remijas v. Neiman Marcus Group, LLC.  The United States Supreme Court is currently considering a similar standing issue in the context of a Fair Credit Reporting Act class action lawsuit, Spokeo v. Robins, the outcome of which could impact data breach class actions as well.

About The Author
Risa Boerner & Heather Steele

Risa Boerner is a partner in Fisher & Phillips LLP’s Radnor, Pennsylvania office and is the chair of the firm’s Data Security and Workplace Privacy Practice Group.  Heather Steele is an attorney in Fisher & Phillips LLP’s Radnor, Pennsylvania office and is also a member of the firm’s Data Security and Workplace Privacy Practice Group.
Heather Steele is an attorney in Fisher & Phillips LLP’s Radnor, Pennsylvania office and is also a member of the firm’s Data Security and Workplace Privacy Practice Group.

Blog post currently doesn't have any comments.
Leave comment

 Security code