Articles Posted in Data Technology, Privacy & Security

Published on:

By Jim Butler and the Global Hospitality Group®
Hotel Lawyers | Authors of www.HotelLawBlog.com
14 January 2014

Hotel Lawyer: The growing problem of security breaches with sensitive customer information.

The recent headlines about the Target and Neiman Marcus security breaches involving customer credit cards highlight a growing crisis that concerns owners and operators of hotels as well as retailers. In this article, Bob Braun, one of the senior members of our Global Hospitality Group® who focuses on data security — when he is not working on hotel management or franchise agreements — gives us some thoughts on what to do about this problem.

The Target and Neiman Marcus breaches:
What hoteliers need to know
by
Robert E. Braun | Senior Member, Global Hospitality Group®

The Target and Neiman Marcus problem. The massive security breach of Target’s customer data may affect more than 110 million Americans — potentially about 1 in 3 persons living in the United States. Followed in quick succession by another 40 million customers of Neiman Marcus (and more disclosures expected soon from other retailers), it is time for us in the hotel industry to look at our own policies and procedures, and to think about how we should respond to these malicious attacks.

Hoteliers beware. Hotels are obvious targets for identity and financial theft for many reasons. Hotels transact business through credit cards, and those credit cards are kept on file and can be accessed multiple times during a guest’s stay. The possibility that a credit card charge will be recorded occurs with each night’s room charge, room service, bar or restaurant bill, spa charge, and so on. Every charge is another opportunity for an identity thief to access the information using sophisticated computer hacks and other malicious software, generally without the hotel’s knowledge.

The need to respond to guest demands is another source of insecurity. The Identity Theft Resource Center noted, “The ability to connect to the Internet is an integral part of many individual’s daily life. This has led to the increased demand for public WiFi.” As a result, hotels find themselves compelled to offer wireless internet, and that service is almost always unsecured. But an unsecured wireless network is “just as dangerous as leaving files of your most important personal documents on a street curb for all to see. Hackers can easily get into an unsecured wireless network and get financial information, business records or sensitive e-mails.” (PC World, “Got Wireless Security”). At the same time, hotels have little say in the matter. Guests demand wireless internet service.

Finally, hotels have employees — lots of employees — and many of them have access to the credit card and other personal information of guests. No matter how well trained and supervised, more personnel correlates to greater risk. The fact that low-level employees typically have access to key guest information, and that there is, historically, a high turnover in hotel employees, exacerbates the problem.

What happened to Target? While investigations are continuing, sources have reported that investigators believe the attackers used similar techniques and pieces of malicious software to steal data from retailers. One of the pieces of malware is a RAM scraper, or memory-parsing software, which allows cyber criminals to grab encrypted data by capturing it when it travels through the live memory of a computer, where it appears in plain text, the sources said. While the technology has been around for many years, its use has increased in recent years as retailers have improved their security, making it more difficult for hackers to obtain credit card data using other approaches.

The lesson? Even as merchants become more vigilant and focus on the security of their systems, criminals have become more sophisticated and are investing more time and effort in crafting their own systems.


Published on:

By Jim Butler and the Global Hospitality Group®
Hotel Lawyers | Authors of www.HotelLawBlog.com
11 April 2013

Hotel Lawyer on technology challenges to your proprietary and sensitive corporate information. Advances in technology continue to present a double-edged sword. On the one edge are tremendous cost savings, efficiencies and power to manage information. On the other edge are daunting issues of information security and privacy.

In the article below, two of our Global Hospitality Group® lawyers talk about a recent court decision from the respected Second Circuit in New York that has important implications for every employer in the hospitality industry. It serves as a reminder that good employee handbooks and company policies are important to protecting your valuable business information and electronic data.

Here is what it is all about.


Published on:

By Jim Butler and the Global Hospitality Group®
Hotel Lawyers | Authors of www.HotelLawBlog.com
5 January 2013

Hotel Lawyer on how new privacy law enforcement may affect your mobile apps used in marketing. Hotel lawyer Robert Braun has an alert that may save you an unnecessary class action or troublesome lawsuit (or enforcement action). Although the California Attorney General has started the furor, the impact of this approach will affect any company that deals with even one consumer in the state of California, and thus is likely to affect most of the hospitality industry in the United States, and many companies outside the US.

Here is what it is all about.

Privacy on the Move
California Imposes New Requirements on Mobile Apps

by
Robert E. Braun | Hotel Lawyer

Hotel companies are actively entering the mobile application space as a means of gaining market share and solidifying guest relations. In addition to online travel agents like HotelsbyMe.com, a number of brands including Omni, Choice and Starwood have developed mobile applications. However, as mobile applications gain popularity, hotel companies should consider how privacy and security laws will impact how they can use those applications.

For companies with operations in California, that issue was highlighted on December 6, 2012, when the California Attorney General filed a lawsuit against Delta Airlines for failing to include a privacy policy with a smartphone application. The lawsuit, the first of its kind, alleges that Delta violated California law requiring online services to “conspicuously post its privacy policy” by failing to include such a policy with its “Fly Delta” mobile application.

The California online privacy law

In 2004, California enacted the California Online Privacy Protection Act (“CalOPPA”). This law requires operators of websites and online services to “conspicuously post” privacy policies about the personal information that is collected, how the consumer can access or request changes to personal information, how the operator of the site will notify consumers of changes, and the effective date of the policy.

In the case of an online service, “conspicuously posting” a privacy policy requires that the policy be “reasonably accessible…for consumers of the online service.”


Published on:

By Jim Butler and the Global Hospitality Group®
Hotel Lawyers | Authors of www.HotelLawBlog.com
7 October 2012

Hotel Lawyer on hotels’ liability for failure to protect hotel guests’ personal identities

My partner Robert Braun advises hotel owners in a wide range of operational issues, including information management. Because of the ubiquitous use of credit cards by hotel guests during a stay, as well as the growing demand for WiFi availability, hotels have been increasingly targeted by identity thieves. In his article below, Bob explains how hotels’ liability for this new type of guest security has grown and what hotels can do to protect their guests’ identities.

Hotel Liability for Guest Information and Identity
What you need to know
by
Robert E. Braun | Hotel Lawyer

A version of this article was first published in the September 21, 2012 issue of Hotel Business and is reprinted with permission.

Not too long ago, keeping guest information safe was a fairly straightforward process – perhaps the most innovative development was providing an in-room safe for valuables. This approach made sense at the time, when guest security was a matter of securing people and their physical possessions.

The industry now recognizes that hotel guests have valuables to protect that go far beyond watches and wallets, or even laptops and iPads. Perhaps the most valuable information a hotel guest has is his or her identity, and unless a hotel actively safeguards it, those valuables are at risk. The ubiquity of credit cards, wireless internet and other options, while essential to hotel operations, is also a source of insecurity.


Published on:

By Jim Butler and the Global Hospitality Group®
Hotel Lawyers | Authors of www.HotelLawBlog.com
24 August 2012

Hotel Lawyer on card processing fees.

The financial reforms following in the wake of the banking mess brought new regulations on the use and charges for credit and debit cards. There may be some benefits here for hoteliers, but there certainly are some decisions to make.

In addition to all the work he does on hotel management agreements and hotel franchise agreements, my partner Robert Braun represents a number of merchant card processors, banks and merchants in structuring credit card processing arrangements, both within the United States and internationally.

Today, he shares some of his insights on the recent legal changes in laws on card processing and the potential impact on the hotel industry.

Credit Card Fees and the Hospitality Industry
Impact of the Durbin Amendment
by
Robert E. Braun | Hotel Lawyer

Dodd-Frank affects hotels and other merchants

The Dodd-Frank Wall Street Reform and Consumer Protection Act of 2010 certainly sparked fierce debate about government regulation, consumer choice, innovation and entrepreneurship. The Durbin Amendment, a last-minute addition to the Dodd-Frank Act, drastically lowers swipe fees – the fee charged to merchants every time a customer pays with plastic – on debit cards issued by big banks, cutting into the banks’ revenue while, presumably, lowering costs for merchants and therefore consumers. The reduction in fees was significant: the Amendment reduced fees to 24 cents from a previous average of 43 cents, according to a Federal Reserve Board report.


Published on:

By Jim Butler and the Global Hospitality Group®
Hotel Lawyers | Authors of www.HotelLawBlog.com
17 July 2012

Hotels and restaurants are among many other businesses that monitor employees at work through video surveillance, and through employees’ use of company-issued computers and smart phones. While employers gain benefits such as reducing theft, decreasing liability and ensuring safety procedures are followed, employees can feel that this electronic monitoring violates their privacy. In his article below, Mark Adams, a litigator in JMBM’s Global Hospitality Group®, shares with us how courts are ruling in lawsuits that deal with electronic surveillance of employees. He also gives employers advice on how to prevent these lawsuits from happening.


Published on:

By Jim Butler and the Global Hospitality Group®
Hotel Lawyers | Authors of www.HotelLawBlog.com
29 May 2012

HotelLawyer.com launches
Portal to knowledge for the hospitality industry
JMBM’s Global Hospitality Group® hotel lawyers launch comprehensive hospitality resource
LOS ANGELES — May 29, 2012. Jim Butler, Chairman of the Global Hospitality Group® at Jeffer Mangels Butler & Mitchell LLP (JMBM) announced today that the Group has officially launched HotelLawyer.com, a comprehensive resource for the hospitality industry.

“JMBM’s Global Hospitality Group® is known for providing useful information, thoughtful analysis and a refreshing perspective to legal and business issues that affect the industry,” said Butler. “Our rich library of industry information is now organized in one convenient place — at HotelLawyer.com.”

On HotelLawyer.com, readers will find nearly 500 articles published over the years on the Hotel Law Blog, and the first two books in the We Wrote the Book™ series (The Lenders Handbook for Troubled Hotels and The HMA Handbook: Hotel Management Agreements for Owners, Developers, Investors and Lenders). These FREE resources continue to be accessed by thousands of readers each month.

Also available without cost at HotelLawyer.com are presentations from industry leaders, such as those given at JMBM’s 2012 Meet the Money® conference by Suzanne Mellen of HVS, Bruce Baltin of PKF Consulting, Greg Hartmann of Jones Lang LaSalle Hotels and Alan Reay of Atlas Hospitality Group.
