31 August 2015
Massive data breaches affect hotels and their legal responsibilities. As unauthorized hacking of confidential data explodes in volume and seriousness, minimum expected standards are evolving that hoteliers and others must follow. Interestingly, the latest guidelines are provided in an August 24, 2015, appellate court decision involving Wyndham Worldwide, as if to emphasize that these rules (really) apply to the hotel industry. How did this case arise? What are some basic steps that everyone with confidential data is expected to take? What happens if they don’t?
In the article below, my partner, Bob Braun, explains the current situation and what it means to our industry.
FTC vs. Wyndham Worldwide – What it Means for Hotel Owners
Bob Braun, Hotel Lawyer and Data Security Advisor
Background on the case
On August 24, 2015, the Third Circuit United States Court of Appeals issued its ruling in the case FTC v. Wyndham Worldwide Corporation. The case was highly anticipated by the data security community generally for its expected ruling on the authority of the Federal Trade Commission to regulate data security standards, but nowhere was the anticipation more keen than in the hospitality industry. After all, this decision didn’t deal with retailers, banks or dating sites – it addressed a major hotel player and, by implication, all operators, brands and owners in the industry.
We know that cybercrime is big. In 2014, there were 42.8 million detected security incidents (and, most likely, many more that were never discovered). Estimates of the annual cost of cybercrime to the global economy range from $375 billion to as much as $575 billion as companies face increased vulnerability, ranging from greater technology available to cybercriminals to new types of cybercrime, like crypto-ransom.