Articles Posted in Data Technology, Privacy & Security

Published on:

10 November 2020

See how JMBM’s Global Hospitality Group® can help you.
Click here for the latest articles on Data Technology, Privacy & Security.

On November 3rd, Californians voted to approve Proposition 24 which amends the California Consumer Privacy Act to include expanded consumer rights and greater privacy protections.

The California Privacy Rights and Enforcement Act – which also establishes an enforcement agency to guarantee strict compliance – places additional obligations on businesses to ensure that consumer data is transparent and secure. Given the scope of the Act and the short timeframe for compliance, hotels should immediately start looking at their data profiles and security to avoid running afoul of the new rules.

Bob Braun, senior member of JMBM’s Global Hospitality Group® and Co-Chair of the Firm’s Cybersecurity & Privacy Group, explains the major provisions of the Act and discusses the challenges hotels face as they look to address its requirements.

New Challenges for Hotels:
The New California Privacy Rights and Enforcement Act of 2020
by
Bob Braun, Hotel Lawyer

Many races and initiatives that California voters considered on November 3 are still undecided, but Proposition 24, the California Privacy Rights Act of 2020 (the “CPRA”) isn’t one of them.  The California electorate approved Proposition 24 by a comfortable margin – 56% of Californians voted in favor.

Like its predecessor the California Consumer Privacy Act of 2018 (the “CCPA”), the impact of the CPRA won’t be felt immediately.  It goes into effect on January 1, 2023, and many of its provisions are unclear and will require study.  But hotel companies with a presence in California will need to consider its requirements, and given the scope of the law, addressing its requirements early will be essential.

New Sheriff in Town

Perhaps the most significant development in the CPRA is the establishment of a new agency, the California Privacy Protection Agency, dedicated to handling enforcement and compliance with privacy regulations.  This makes California the first state with an agency focused solely on enforcing privacy laws.  This new agency will replace the California Attorney General in interpreting and enforcing the CCPA.  The ultimate impact of the agency will develop as its members are selected and interpret its mandate, but it is clear from the CPRA that it has broad authority to bring civil and criminal actions.

Select Key Provisions

The CPRA is an extension and modification of the CCPA.  It adds a number of new definitions and provisions that, in some cases, extend the scope of the CCPA and, in other cases, clarify the requirements of the CCPA.  The result is that hotel companies that already comply with the CCPA will need to revisit their policies and procedures to ensure compliance with the CPRA, and any firms that have not yet considered CCPA compliance have a steep learning curve.  Key provisions include: CONTINUE READING →

Published on:

01 July 2020

See how JMBM’s Global Hospitality Group® can help you.

Meet the Money® Online: Hotels and Information Security
Protecting Guests and the Bottom Line

Last week, speakers from Manhattan Hospitality Advisors, Tiered Communication Services Inc. and Willis Towers Watson joined Bob Braun of JMBM’s Global Hospitality Group® for the second in a series of Meet the Money Online webinars.

If you missed “Hotels & Information Security – Protecting Guests and the Bottom Line,” you can watch the full webinar here.

You can also find the presentations made by our expert panelists on the Resource Center page:

Where Technology and Security Meet in Hotels

Jonathan Adam, co-founder and Chief Technology Officer, Tiered Communication Services, Inc., covers the primary elements required for information security, and how a secure hotel network should be designed. Meet the Money® Online June 2020.

Best Practices and Imperatives for Information Security

Bob Braun, co-chair of JMBM’s Cybersecurity and Privacy Group, and senior member of JMBM’s Global Hospitality Group® discusses why information security is so difficult to achieve, the importance of documentation, and why verifying third parties is critical. Meet the Money® Online June 2020.

Cyber Security – A Must in Today’s Viral World

Jack Westergom, Managing Director and Founder of Manhattan Hospitality Advisors explains why hotels are frequent targets of cyber crime, areas in which hotels can be proactive, and why you shouldn’t count on your brand for protection. Meet the Money® Online June 2020.

Cyber Insurance in the Hospitality Industry

Heather Wilkinson, SVP, FINEX E&O/Cyber, Willis Towers Watson, discusses why hotels need to determine their specific exposure, the importance of understanding what your cyber insurance actually covers, and the 5 main cyber threats that hotels are facing today. Meet the Money® Online June 2020.

 

While we weren’t able to gather in person for the 30th year of Meet the Money®, the national hotel investment and finance conference, we are continuing to provide the industry with research analysis and insight through Meet the Money Online. Join us on July 8, 2020 for the next in this series of informative webinars, the CMBS Special Servicing FAQs Virtual Roundtable. CONTINUE READING →

Published on:

22 June 2020

See how JMBM’s Global Hospitality Group® can help you.

Meet the Money® Online: Hotels and Information Security
Protecting Guests and the Bottom Line

Speakers from Manhattan Hospitality Advisors, Tiered Communication Services Inc. and Willis Towers Watson will join Bob Braun of JMBM’s Global Hospitality Group® for this informative online program.

Please join us this week, on Thursday, June 25, 2020, when Meet the Money® Online addresses an issue of critical importance to the hospitality industry: information security.

As privacy laws demand companies do more to protect customer and employee data – and cyber hackers become more sophisticated – making sure your hotel’s information is secure has never been more important.

This free webinar will take place on Thursday, June 25 at 10:30 AM PDT / 1:30 PM EDT. Register Now.

Join our panel of cybersecurity experts and hospitality veterans for a 1-hour webinar to discuss:

  • What personal information hotels collect and how they use it
  • The role of hotel owners, operators and brands in guest information
  • Technology aspects of information collection, use and protection
  • Insurance issues – how to mitigate risk and cost using insurance
  • Legal obligations and compliance

This discussion will be moderated by Robert E. Braun, partner and co-chair of the Cybersecurity and Privacy Group at Jeffer Mangels Butler & Mitchell LLP who works with companies on their data technology, privacy and security matters. Bob is also a senior member of JMBM’s Global Hospitality Group® and has more than 20 years of experience in representing hotel owners and developers in hotel management and franchise agreements, condo hotel securities issues and many transactional matters, including entity formation, financing, and joint ventures.

Our speakers include:

  • Jonathan Adam, Co-Founder and Chief Technology Officer, Tiered Communication Services, Inc.Jonathan Adam is a founding member and CTO of Tiered Communication Services, Inc. With 17 years of hotel experience, he pairs high end development projects with extremely secure advanced technology systems for an unsurpassed guest user experience, driving amazing rates of return to owners. He holds multiple technology patents, and co-founded the ySuite Incubator in Austin and PracTECHal Solutions headquartered in Las Vegas. The ySuite team owns and operates multiple hotels in the Austin area, and utilizing the TCS technology infrastructure, they generate significant amounts of high margin add-on revenue through new hospitality revenue channels.
  • Jack Westergom, Managing Director and Founder, Manhattan Hospitality AdvisorsJack Westergom is Managing Director and Founder of Manhattan Hospitality Advisors. Jack is a veteran hotelier whose background includes asset management, hotel/resort operations, international marketing, investment relations and real estate development including many of the top 25 hotels and resorts in the world. Manhattan Hospitality Advisors has provided oversight on over $18 billion of hospitality assets around the world and has helped hotels to successfully navigate through four real estate downturns.
  • Heather Wilkinson, SVP, FINEX E&O/Cyber, Wills Towers WatsonHeather Wilkinson is SVP in the FINEX Cyber & E&O practice for Willis Towers Watson with over fourteen years of experience in the cyber insurance industry. Heather is a founding member of the Willis Towers Watson E&O and Cyber Broker Team; she joined the organization in 2006 and has been instrumental in placing some of the largest towers of E&O and Cyber insurance placements in the world. She is uniquely qualified to handle Cyber and Professional Liability issues and placements and is based in Los Angeles.

There is no fee for this program.

REGISTER NOW CONTINUE READING →

Published on:

24 January 2020

If you’re planning to attend the 2020 ALIS conference next week, we’d like to hear from you! Our Global Hospitality Group® attorneys are ready to discuss:

  • Successful hotel purchase strategies
  • Getting a great hotel management agreement
  • Optimizing your financing structure
  • Avoiding regulatory pitfalls in 2020
  • How to protect your company and comply with new cybersecurity regulations
  • Hotel industry litigation issues

Please contact us if you’d like to get in touch during the conference:

jim-150x150Jim Butler
Partner, Chairman
Global Hospitality Group®
310.201.3526
JButler@jmbm.com
guy-150x150Guy Maisnik
Partner, Vice Chair
Global Hospitality Group®
310.201.3588
MGM@jmbm.com
david-150x150David A. Sudeck
Partner
310.201.3518
DSudeck@jmbm.com
bob-150x150Robert E. Braun
Partner
310.785.5331
RBraun@jmbm.com
jeff-150x150Jeffrey T. Myers
Partner
310.201.3525
JMyers@jmbm.com
mark-150x150Mark S. Adams
Partner
949.623.7230
MarkAdams@jmbm.com
Published on:

10 January 2020

See how JMBM’s Global Hospitality Group® can help you.

Click here for the latest articles on Data Technology, Privacy & Security.

 

Hotel data breaches can have significant financial and reputational impacts on a brand, as evidenced by Marriott’s $123 million GDPR fine. In the article below, Bob Braun, senior member of JMBM’s Global Hospitality Group® and Co-Chair of the Firm’s Cybersecurity & Privacy Group, outlines the critical importance of data security for the hospitality industry.

— Jim
Hotel Managers and Owners Be Warned – You are Responsible for Your Hotel’s Data Security
by
Bob Braun, Cybersecurity Lawyer

The FTC Speaks

On January 6, 2020, the Director of the FTC’s Consumer Protection Bureau published a blog post with changes to the FTC’s approach to its orders and settlements of data breach enforcement actions.  One of the key elements of the report was a revision to the FTC’s routine enforcement practice to ensure that its remedial data security orders include greater specificity about compliance expectations for companies subject to enforcement action and for third-party assessors engaged to conduct FTC-mandated monitoring and audits of targeted companies’ data security practices.

Beyond greater detail guiding data security requirements, the blog post highlights that a core element of the FTC’s model for remedial orders is that senior management, on at least an annual basis, present the company’s written information security program to the board or other governing body for oversight and review, and that management certify to the FTC that the company has complied with data security obligations.

The Growing Role of Managers and Boards in Data Security

The decision by the FTC reflects a growing consensus about the roles and responsibilities of management and boards for the adequacy of enterprise programs to identify, evaluate, and manage data and information security risks.  While this is not the first time boards of directors have been held accountable for the security practices of the companies they represent, it shows that this obligation has become mainstream and should be noted by all companies, whether they

The FTC’s endorsement of data security-related corporate governance approaches, safeguards, and third-party monitoring methods is likely to impact enforcement expectations of other regulators, whether state, federal or local, responsible for administering data security compliance and breach notification regulations.

CONTINUE READING →

Published on:

02 January 2020

Click here for the latest articles on Data Technology, Privacy & Security.

 

My partner, Bob Braun, senior member of JMBM’s Global Hospitality Group® and Co-Chair of the Firm’s Cybersecurity & Privacy Group, has written extensively about the California Consumer Privacy Act that became effective January 1, 2010.  In his excellent article below, he describes how the CCPA will impact the hotel industry.

— Jim

CCPA: Loyalty Programs, Data Retention and the Brave New World of Privacy

by Robert E. Braun

This article first appeared in the Hotel Business Review and is reprinted with permission from www.HotelExecutive.com.

The California Consumer Privacy Act (the “CCPA” or the “Act”) is a piece of consumer privacy legislation which was signed by California Governor Jerry Brown on June 28, 2018, and goes into effect on January 1, 2020. The Act is, far and away, the strongest privacy legislation enacted in the United States at the moment (although there are a number of contenders for that honor), giving more power to consumers to control the collection and use of their private data, and is poised to have far-reaching effects on data privacy.

What is the CCPA?

It is estimated that more than 500,000 companies are directly subject to the CCPA, many of them smaller and mid-size business, where the detailed requirements of the Act – disclosure and notice procedures, opt-out rights, updating privacy policies, and revising vendor agreements – is daunting. As discussed below, many hotels and hotel companies will be directly impacted by the Act, either because their qualify as a “business” as defined in the CCPA, or because they are associated with companies – brands and management companies – that are subject to the Act. Hotel owners, managers and brands that have not grappled with the requirements of the CCPA need to move quickly to do so, or risk potential liability under the penalty provisions of the Act.

Where did the Act Come From?

In early 2018, Alistair McTaggart, a California real estate developer, led an effort to include a new privacy law – the Consumer Right to Privacy Act of 2018 – on the November 2018 California ballot. By June 2018, supporters of the initiative had gathered enough signatures to earn a place on the November ballot. In response, California legislators, working with California businesses and other interest groups, negotiated and passed a substitute bill – the CCPA – in exchange for an agreement to drop the more restrictive text in the Consumer Right to Privacy Act from the November ballot.

The Act is aggressive, and cites the March 2018 disclosure of the misuse of personal data by Cambridge Analytica, as well as the congressional hearings that followed which highlighted the fact that any personal information shared on the internet can be subject to considerable misuse and theft. This prompted the California legislature to move rapidly to protect Californians’ right to privacy by giving consumers much more control of their personal information. CONTINUE READING →

Published on:

07 August 2019

Click here for the latest articles on Data Technology, Privacy & Security.

Many hotels operate internationally and are frequently subject to the European Union’s 2018 General Data Protection Regulation. The financial consequences of a breach can be significant, as recent fines imposed on Marriott International demonstrate.

Bob Braun, senior member of JMBM’s Global Hospitality Group® and Co-Chair of the Firm’s Cybersecurity & Privacy Group, explores the impact of last year’s breach on the hotel brand below.
Marriott’s GDPR Fine – Lessons to be Learned
by
Bob Braun, Cybersecurity Lawyer

On August 5, 2019, Marriott International announced that it had taken a $126 million charge in the second quarter, primarily as a result of the data breach it announced in 2018. Coincidentally, on July 9, 2019, The United Kingdom’s Information Commissioner’s Office (ICO), which enforces the General Data Protection Regulation in the UK, announced that it intends to impose a fine of £99,200,396 ($123,705,870) on Marriott for last year’s data breach. CONTINUE READING →

Published on:

15 February 2019

$87 billion in hotel transactions involving more than 3,900 properties
LOS ANGELES—The hotel lawyers of JMBM’s Global Hospitality Group® are pleased to present their updated Hospitality Credentials, which include clients and projects that represent more than $87 billion in hotel transaction experience involving more than 3,900 properties worldwide – more than any other law firm.

“If you are a hotel owner, developer, or capital provider, our hospitality lawyers can provide expertise and experience you just won’t find elsewhere,” said Jim Butler, Chairman of JMBM’s Global Hospitality Group. “Whether you are buying or selling a hotel, developing a new one, need a privacy and cybersecurity plan, or defend an ADA lawsuit – we have lawyers who know the ropes, and can guide you every step of the way.”

JMBM’s Global Hospitality Group provides a full range of services to the hospitality industry including:

  • ADA compliance & defense
  • Cannabis
  • Celebrity chef agreements
  • Construction
  • Corporate governance
  • Cybersecurity
  • Data privacy
  • Development
  • Equity & joint ventures
  • Expert witness
  • Fiduciary duty
  • Financing
  • Foreign investment
  • Franchise & licensing
  • Hotel-specific contracts
  • Labor & employment
  • Land use & environmental
  • Leasing
  • Litigation
  • Management agreements
  • Mergers & Acquisitions
  • Opportunity Zone
  • Proposition 65
  • Purchase & sale
  • Shareholder disputes
  • Tax
  • Trademark & copyright
  • Trusts and estates
  • Union negotiations
  • Union prevention
  • Vacation ownership
  • Workouts, bankruptcies & receiverships
“Exceeding $87 billion in hotel transactions involving 3,900 properties is a new milestone, and one I am proud to announce,” said Butler. “I am grateful to all of our wonderful hospitality clients who have shown us their trust and confidence over the years and continue to provide us with challenging and meaningful work.”

About JMBM’s Global Hospitality Group
JMBM’s Global Hospitality Group is the premier hospitality practice in a full-service law firm and the most experienced legal and advisory team in the industry. The Group publishes the Hotel Law Blog and hosts the annual Meet the Money® National Hotel Finance & Investment Conference (May 6-9, 2019 in Los Angeles). For more information visit www.HotelLawyer.com.

Contact:

Jim Butler
jbutler@jmbm.com
+1 310-201-3526

Published on:

30 November 2018

Click here for the latest articles on Data Technology, Privacy & Security.

Data breaches are back in the news, and this time, it’s a well-known hotel industry player: Marriott International. The company announced today that unauthorized access to their systems going back several years has exposed the names and other personal details of over 500 million guests. For hoteliers, this situation can be avoided by using the Global Hospitality Group® Risk Assessment Audit™, a comprehensive tool that combines your internal resources with our expertise in analyzing your risk profile, both for compliance purposes and to create effective data security strategies.

Bob Braun, senior member of JMBM’s Global Hospitality Group® and Co-Chair of the Firm’s Cybersecurity & Privacy Group, sums up what Marriott is facing and what lessons other hotels can learn from this incident, below.
Not a Good Day for Marriott
by
Bob Braun

It’s unlikely that anyone in the hospitality industry – perhaps anyone who watches the news – hasn’t heard about the data breach at Marriott. Marriott’s pre-eminent position in the hotel industry, and the very size of the breach, with an estimated 500 million individuals impacted (putting it second behind the Yahoo breach) make this noteworthy.

What Happened?
While some of the information is available, most of the details have yet to be filled in. However, there are some key takeaways that every hotel owner, operator and brand should consider: CONTINUE READING →

Published on:

31 August 2018

Click here for the latest articles on Data Technology, Privacy & Security

Despite a general effective date of January 1, 2020, there are 5 steps that anyone doing business in California should take now to avoid problems under the California Consumer Privacy Act of 2018 (the Act) when it becomes effective. As a follow up to his original article explaining the important provisions of the Act, my partner Bob Braun provides us an important update on recent regulatory activity concerning the Act and provides practical guidance on what needs to be done now.

To read Bob’s original article about the Act, click California Adopts the California Consumer Privacy Act of 2018.
Update: California Consumer Privacy Act of 2018
5 steps to take NOW to avoid trouble
by
Bob Braun

Recent regulatory developments

Late last week, the California legislature published proposed technical amendments to the California Consumer Privacy Act of 2018. These amendments reflect almost two months of lobbying by both consumer and industry groups. In addition, the FTC has received a number of complaints that the Act, along with other proposed state actions, would create confusion in an already-fragmented approach to privacy and security in the United States.

5 steps to take now

While the changes in the Act and attacks on the Act continue to create uncertainty, businesses need to consider immediate steps to avoid the significant penalties for non-compliance. Businesses must be in full compliance on the effective date of January 1, 2020. It will not be adequate to start compliance efforts on that date.

In particular, there are 5 steps that businesses need to take to ensure compliance by the effective date: CONTINUE READING →

Contact Information