Similar to its on-going lawsuit against Wyndham Worldwide Corporation, the Federal Trade Commission (FTC) recently filed a data breach lawsuit against LabMD, a company that conducts laboratory tests on samples that physicians obtain from consumers.  The FTC alleges that the company exposed confidential billing information data for over 9,000 consumers through a peer-to-peer file-sharing network.

In a press release that should serve as a warning to all members of the hospitality industry, the FTC’s Bureau of Consumer Protection Director Jessica Rich commented that, “The unauthorized exposure of consumers’ personal data puts them at risk … The FTC is committed to ensuring that firms who collect that data use reasonable and appropriate security measures to prevent it from falling into the hands of identity thieves and other unauthorized users.”

The FTC clearly intends to continue its vigorous efforts to ensure that companies take reasonable and appropriate measures to prevent the unauthorized disclosure of sensitive consumer information, including payment card security.  The FTC has not permitted the current legal challenge in the Wyndham case to deter the FTC’s data breach enforcement activities.  Rather than await the final determination in the Wyndham case, the hospitality industry should be taking steps to adequately prepared to prevent, detect, and respond to data breaches, such as establishing a PCI compliance program.

The Venza Group has partnered with Arnall Golden Gregory (AGG) to create a series of interactive eLearning modules to address PCI compliance in the hotel industry. Management, employees and IT are taught about the requirements they must support as part of the Payment Card Industry Data Security Standards.  The Venza Group also is partnering with AGG to create an interactive eLearning module to train hoteliers on general privacy and security awareness issues.

Link: http://ftc.gov/opa/2013/08/labmd.shtm