This week’s Update leads with an important Data Privacy Update from Eva Novick, the newest member of our firm’s privacy and data security team. If you currently operate a loyalty program (or plan to introduce one soon), I encourage you to read her important update. Enjoy.
The Travel Industry’s Push on Climate May Have Legs
(“Hotelbeds lays out eco and social initiatives, joins Amazon Climate Pledge,” February 11, 2022 via Phocus Wire)
For some time now, we’ve all seen the many surveys of would-be travelers (particularly, younger travelers) detailing the importance of the environment and climate change in today’s travel decisions. Our weekly Update has recently featured a number of stories about this trend, including the recent launch of online platforms offering travelers carbon neutral travel. Last week, Spain-based bedbank, Hotelbeds, released its annual Environmental, Social and Government Report in which Hotelbeds claims it has again (for the fourth year running) attained carbon neutral status through a combination of carbon reductions and offsets. At the same time, Hotelbeds also announced that it has joined Amazon’s Climate Pledge, which features companies committed to eliminating their carbon emissions to zero by 2040. So what does this really mean? Will efforts like these mean enough to travelers to actually drive bookings or market share? With Hotelbeds feeling the heat from increased competition in its wholesale space (think Expedia EPS and soon, Priceline’s equivalent offering), Hotelbeds is “banking” on it.
To celebrate Data Privacy Day, on January 28, California Attorney General Rob Bonta announced an investigative sweep of businesses offering loyalty programs in California. This should come as no surprise, as Attorney General Bonta highlighted loyalty programs as one of the areas of non-compliance his office addressed during the first year of California Consumer Privacy Act (CCPA) enforcement. In this sweep, the Attorney General’s office sent letters of non-compliance to businesses across different industries, including in the travel and food services industries. Those companies have 30 days to cure their non-compliance or will be subject to further enforcement action and penalties.
This blog post was originally published as a Legal Alert on GSB's website on July 3, 2018. The post was also authored by Victoria Redman, GSB’s 2018 Summer Associate, located in the Seattle office.
On Thursday, June 28, 2018, the California Consumer Privacy Act of 2018 (the Act) passed with resounding support from both Republicans and Democrats, who voted in favor of the bill 73-0-7 in the Assembly and 38-0-3 in the Senate. The Act, which takes effect on January 1, 2020, imposes requirements on the processing and protection of personal data similar to, and in some cases more extensive than, the requirements under the EU General Data Protection Regulation (GDPR), which went into effect on May 25, 2018.
Lawyers often say “bad facts make bad law”. Combine that with weak legal arguments and, well, things can get really bad, really fast. That’s precisely what happened to Wyndham yesterday when the Third Circuit affirmed a federal District Court decision that the Federal Trade Commission (“FTC”) has authority to regulate cybersecurity under the unfairness prong of § 45(a) of the Federal Trade Commission Act. While commentators may disagree on the result from a legal or policy perspective, one thing is for certain: it was a bad result for Wyndham. The decision rejected in no uncertain terms Wyndham's argument that the FTC lacked authority, and not kindly.
Benjamin Lambiotte, technology and data privacy attorney in Garvey Schubert Barer’s D.C. office, shares key points from two significant survey reports analyzing trends in data security breaches during 2014 that were released this week: one from Verizon, and the other from IBM and the Ponemon Institute. It should come as no surprise to anyone that once again, the hospitality industry is featured prominently in both reports. Thank you, Ben! – Greg
A pair of recently effected state laws makes clear that information security remains a significant issue that receives and will continue to receive considerable legislative and commercial attention. Hoteliers, restaurateurs and others in the hospitality industry use personally identifiable information (PII) of their guests and customers to improve services and create a personalized experience.
Greg and I attended the annual Hospitality Law Conference in Houston this February, which devoted an entire track to data privacy issues. It’s the definition of a hot topic, and important, so please take note!
About the Editor
Greg Duff founded and chairs Foster Garvey’s national Hospitality, Travel & Tourism group. His practice largely focuses on operations-oriented matters faced by hospitality industry members, including sales and marketing, distribution and e-commerce, procurement and technology. Greg also serves as counsel and legal advisor to many of the hospitality industry’s associations and trade groups, including AH&LA, HFTP and HSMAI.