December PCI Compliance Newsletter for Hotels and Restaurants









December 2009 • Vol I, Issue 2



The 2010 Hospitality Law Conference
Focusing on Worldwide Legal, Safety, & Security Solutions
February 3-5, 2010
Omni Hotel in Houston, Texas

Register now to take advantage of the Early Registration Discount!

The conference features a dedicated workshop on Information Protection and Privacy, including Payment Card Industry Data Security Standards.

Attendees will also be interested in the “Information Protection & Privacy: The New High Stakes Game” and the “Critical Issues in Payment Card/Merchant Relations” general sessions on Thursday, February 4. Also on February 4, attend "What Lawyers & Operators Need to Know about Hospitality Operations, Part II" to learn strategies on how to mitigate your property tax liability.

Don't miss the Wine Tasting & Product Showcase on Thursday, February 4, to be eligible to win a $1,000 American Express gift card. Stay until the end of the conference to be eligible to win a $500 American Express gift card, which will be drawn during the Closing Remarks on Friday, February 5.     


Data Privacy and PCI Compliance – Minimize Data and Effort
By Chris Zoladz, Navigate LLC

Hotels, restaurants, country clubs, spas and many other organizations routinely collect, process and store personally identifiable information (“PII”) pertaining to their customers and employees as a necessary part of daily business. This information is subject to a myriad of U.S. State security breach laws and to the upcoming “Standards for the Protection of Personal Information of Residents of the Commonwealth,” which pertains to Massachusetts residents and becomes effective March 1, 2010.

Keeping abreast of the evolving legal and PCI DSS requirements can and will continue to be a challenging task for many hospitality companies, especially smaller companies. For this reason, actions that minimize and simplify your compliance effort, and reduce the cost of compliance and risk, should be a high priority.



The Top 10 Compliance Issues for the Payment Card Industry (PCI)
By Rick Dakin, President, Coalfire Systems

Many organizations are aware of the Payment Card Industry (PCI) and PCI compliance but are unsure if they’re doing everything necessary.  These are some common questions from merchants, service providers, and other organizations that must meet PCI requirements.



The New Massachusetts Data Protection Law – Changes to Business Operations
By Debra Feldman, Gunster

The Commonwealth of Massachusetts enacted new data breach security regulations, which go into effect on March 1, 2010.  These regulations apply to any person engaged in commerce that owns or licenses personal information of a resident of the Commonwealth. 

The application of the regulations is geographically far-reaching and will affect many areas of a company’s business operations.

Consider that the regulations are enforceable against companies located inside and outside of the Commonwealth (which raises the issue of jurisdiction and constitutionality of the regulations as applied to companies located outside of the Commonwealth).

As such, all companies, no matter where located, must determine whether the regulations are applicable and then take steps (involving time, resources and funds) to ensure compliance.



“The Currency of Progress?” Visa and MasterCard Arrogate Governmental Powers in the Name of Card System Security
By W. Stephen Cannon, Constantine Cannon LLP and Michael McCormack, Palma Advisors, LLC

January 1, 2010 marks the effective date of a new Nevada law establishing the Payment Card Industry’s Data Security Standard (“PCI DSS”) as the required method by which merchants and those in the payment system processing chain are to protect sensitive payment card data from unlawful access and misuse.  In particular, the new law establishes a safe-harbor defense:  a “collector” of card data “shall not be liable for damages for a breach of the security” of its system if it is in compliance with the latest PCI DSS standard and the breach is not the result of gross negligence or intentional misconduct.  2009 Nev. Stat. ch. 355 § 1(3).



Who You Should Know

Chris Zoladz, CIPP, CISSP, CISA, CPA, CGFM, is the founder of Navigate, LLC. Prior to founding Navigate in April 2009, Chris was the Vice President, Information Protection & Privacy at Marriott International, Inc. He created that function at Marriott in 1999 and had responsibility for global information protection and privacy strategy, policy development and deployment, privacy awareness and compliance strategies to meet information protection/privacy, business and legal requirements across all business functions in a cost-effective manner. For more information on Chris, please contact Diana Singson.

 


What's New at HospitalityLawyer.com!

We are excited to announce hotel and restaurant law, safety, and security webinars.

Visit our on-demand library to find the following legal, safety, and security webinars.

  • Avoid Becoming the Next Headline - How to avoid a data breach?, presented by Chris Zoladz
  • Your Company Just Experienced a Data Breach - Now What?, presented by Chris Zoladz

The HospitalityLawyer.com Solutions Store offers the following forms:

  • Compliance with PCI DSS Business Process Requirements Food & Beverage At-a-Glance
  • Compliance with PCI DSS Business Process Requirements Accounting/PCI Business Champion At-a-Glance
  • Compliance with PCI DSS Business Process Requirements Front Desk Champion At-a-Glance
  • Compliance with PCI DSS Business Process Requirements Sales & Marketing Champion At-a-Glance
  • Job Tasks PCI At a Glance
  • Tips to Reduce the Scope of your PCI Compliance Effort
  • Information Protection & Privacy Checklist for Reviewing Third Party Service Providers
  • Information Protection & Privacy Compliance for U.S. Sales & Marketing – A General Counsel’s Checklist

HospitalityLawyer.com
P.O. Box 22888
Houston, Texas 77227
HospitalityLawyer@HospitalityLawyer.com

Copyright 2000 - 2008. All Rights Reserved. HL.com, Inc.

For permission to reproduce any portion of this newsletter, please email Diana Singson. The ideas, opinions, recommendations, and interpretations presented herein are those of the authors. Publication of any article or statement is not to be deemed an endorsement of the views expressed therein, nor shall publication of any Product Showcase be considered an endorsement of the product or service involved. The information contained in this newsletter is subject to our Terms and Conditions.