PCI Security Council Releases New Best Practices Document for PCI Compliance

On August 28th, the Payment Card Industry (PCI) Security Standards Council published an information supplement entitled, “Best Practices for Maintaining PCI DSS Compliance,” which contains important guidance for all companies, including hotels, that store, process, or transmit cardholder data.  In the document, the Council cited statistics demonstrating that “organizations that suffered a data breach were […]

Payment Card Industry Council Says Companies are Responsible for Third Party Security and Compliance

On August 7th, the Payment Card Industry Security Standards Council, the payment card industry’s self-regulatory body, issued new guidance for companies, such as hotels, that share cardholder payment data with third party service providers.  The Council released the guidance, entitled the “Third-Party Security Assurance Information Supplement,” in response to its findings that the leading mistake […]

The National Consumers League Launches the #DataInsecurity Project

In late June, the National Consumers League (NCL) launched what it calls the “#DataInsecurity Project” to raise awareness of and push for action to improve consumer data security.  The NCL kicked off the project by announcing a cross-country “tour” of national events which will feature discussions by experts from the FTC and State AGs’ offices.  […]

FTC’s Julie Brill Calls on State AGs to Take Action Re: Data Privacy

In a speech delivered at a major meeting of state Attorneys General (AGs) in late July, FTC Commissioner Julie Brill emphasized the importance of state AGs’ role in privacy regulation and urged them to take an active role in protecting both their own and the FTC’s unfair, deceptive and abusive acts or practices (“UDAAP”) authority.  In […]

$15 Million Settlement Agreement Reached in Sony Data Breach Case

You probably remember the massive data breach that Sony Entertainment suffered back in April 2011 in its video game online network which exposed the personal information of approximately 77 million PlayStation Network and Qriocity account holders, making it one of the largest data breaches of all time, and immersed Sony in years of expensive and […]

Recent Breach at eBay Shows Us What Not to Do

On May 21st, eBay announced that it had experienced a data breach that had potentially affected all 145 million of its users.  In addition to the shock wave of bad press, regulatory and congressional scrutiny, and calls to action by State Attorneys General that follow all high profile data breaches, eBay has been hailed as […]

Wyndham and LabMD Data Breach Litigation Continues

The hits just keep on coming for these two companies in the courts.  On May 2nd, Wyndham shareholders filed a derivative action in New Jersey, alleging that Wyndham’s Board of Directors caused “substantial damages to the company” by implementing inadequate data security practices.  This case is on top of the FTC’s administrative case against the […]

ABC News – LA – Reports on PCI Compliance

Just three weeks prior to Los Angeles hosting HITEC 2015, the hospitality industry’s largest technology conference, the local ABC news affiliate reports on the lack of awareness around PCI Compliance at the property level. The report contains startling quotes from hotel managers such as “I have no idea about PCI Compliance.”   Click to Watch […]

Love ‘Em or Hate ‘Em…but don’t ignore your Lawyer’s advice!

Yesterday, while banging around some golf balls at Pinehurst (pardon me while I name drop!) the guy next to me on the driving range joked with his buddy that the balls represented his lawyer! He was whacking them left, right and down the middle and doing so with a vengeance. It started me thinking about […]