- failed to use strong (and in some cases any) passwords to limit access to computer files;
- failed to use firewalls to separate corporate and hotel computer systems;
- improperly stored payment information in clear text;
- failed to implement reasonable measures to detect security breaches;
- failed to implement proper incident response procedures or remedial steps after learning of a data breach; and
- failed to adequately restrict access to company systems by third-party vendors.
The claims stem from three separate data breaches over a period of two years in which hackers obtained the private information of more than 600,000 customers, which led to more than $10.6 million in fraudulent charges.
It has been a busy year thus far for public accommodations issues under the Americans with Disabilities Act (ADA). In this week’s post, Mike Brunet, a member of our Hospitality, Travel & Tourism team, rounds up past issues, discusses a new public accommodations ruling that could affect your business, and speculates as to where public accommodations issues might go in the next year, informed by his attendance at the recent 2012 National ADA Symposium.
March 15, 2012: ADA revisions become effective.
As detailed in a prior 2012 post, the first significant revisions to public accommodations regulations in almost 20 years became effective March 15, 2012. These revisions are far-ranging, potentially requiring changes to existing and planned features in any place of public accommodation, including hospitality properties and restaurants.
April-May, 2012: The battle over swimming pool accessibility heats up.
Also discussed in two previous posts this year (here and here) was a battle between the U.S. Department of Justice (DOJ), which enforces ADA regulations, and hospitality owners and trade associations over swimming pool accessibility. DOJ interpreted the new ADA regulations to require fixed (as opposed to portable) swimming pool lifts that could not be shared between pools, while hoteliers raised safety, financial and availability reasons why the DOJ’s interpretation was incorrect. DOJ extended the date to comply with its interpretation until January 13, 2013, and legislation has been introduced in Congress to clarify what is required to comply with swimming pool access regulations.
Just this week, the Seattle Office for Civil Rights released its final regulations for the new Paid Sick/Safe Time ordinance. They arrived not a moment too soon, because the ordinance goes into effect on September 1, 2012. If you haven’t already started planning for compliance, you should now.
The new law will require businesses to accrue and provide paid sick and safe leave for employees when they or their family members are ill or are victims of domestic violence. The law also includes requirements for notice and posting to employees, as well as record keeping and reporting.
In an earlier posting, we walked through the basic requirements of the law. Here is a more detailed look at the law and tips on how you can ensure compliance.
Greg Duff founded and chairs Foster Garvey’s national Hospitality, Travel & Tourism group. His practice largely focuses on operations-oriented matters faced by hospitality industry members, including sales and marketing, distribution and e-commerce, procurement and technology. Greg also serves as counsel and legal advisor to many of the hospitality industry’s associations and trade groups, including AH&LA, HFTP and HSMAI.