Articles Posted in Data Technology, Privacy & Security

Published on: April 2, 2025

Hotel Data Privacy Alert: Fairmont has a New (Website) Visitor – A CIPA Class Action

By Jim Butler and the Global Hospitality Group®

02 April 2025

See how JMBM’s Global Hospitality Group® can help you.
Click here for the latest articles on Data Technology, Privacy & Security.

A recent lawsuit filed in the U.S. District Court for the Central District of California alleges that Accor Management US Inc., the parent company of Fairmont Hotels & Resorts, violated California’s privacy laws by improperly sharing users’ browsing and booking information with social media platforms without user consent. This data sharing is said to have enhanced the algorithms and ad targeting abilities of these platforms.

Bob Braun, senior member of JMBM’s Global Hospitality Group® and Co-Chair of the Firm’s Cybersecurity & Privacy Group, outlines what CIPA is and how companies should respond to CIPA claims.

Fairmont has a New (Website) Visitor – A CIPA Class Action

by Robert Braun, Co-Chair, JMBM Cybersecurity and Privacy Group;
Senior Member, JMBM Global Hospitality Group

On March 19, 2025, Accor Hotels, through its Fairmont Hotels & Resorts brand, became one of the latest – and one of highest profile – defendants in a current wave of website litigation. In the complaint, the attorneys for Natalie Gianne, claimed that when she accessed the Fairmont Hotels website to book a room, Accor allowed social media platforms to intercept communications, including confidential guest records without her prior consent in violation of the California Invasion of Privacy Act (“CIPA”, pronounced “see-pa”), and used that information to target her for advertisements.

Hotel companies need to pay particular attention to this case and its implications. Hotels are attractive targets for claims like these – they have broad website presence and have a public profile that makes these cases sensitive. In addition, large hotel companies are viewed as deep pockets that would be willing to settle.

What is CIPA?

The CIPA was originally adopted to adopted to protect California residents from a third party eavesdropping on a telephone call. As a result, in California and several other states, all parties to a phone call (including video calls) must consent to a recording. This is straightforward enough; however, CIPA plaintiffs, like Gianne, are extending the CIPA to information collected for website analytics purposes.

Data analytics is the process of examining raw data to uncover patterns, draw conclusions, and make informed decisions, enabling businesses to optimize performance, improve efficiency, and make strategic decisions. In the website context, analytics involves collecting, measuring, analyzing and reporting data to understand and improve website usage.

Where do the CIPA and Website Analytics Meet?

Websites have employed third parties to analyze website usage for years. Website owners want to know how users came to their site, what they do when they are on the site, and where they go when they leave. Website owners can use this information to make sure their sites are easy to navigate; if, for example, a user leaves a website while making a purchase at a website, the website owners will want to know why. They want to know what drives users to their sites, and how they can get more visitors. Analytics can help a website owner boost their search engine ratings, determine the value of marketing campaigns, and track digital marketing efforts.

Historically, analytics were internal – a website owner would collect information from visitors and use that information to improve their website. The website owner might hire an outside service (Google Analytics is well known for providing this service). Information about the visitor might be collected by a third party, but only in anonymous, aggregated form, and was only shared with the website owner. Bringing us back to the CIPA and similar laws, no third party was involved, so no consent was required.

Now, however, website owners have allowed (sometimes without their knowledge) social media companies like Facebook, LinkedIn and others to place tracking devices – typically, pixel trackers and other invisible items) on the site; when a user visits a page where the tracking device is installed, the user’s browser is instructed to transmit information to the tracker. However, not all companies obtain user consent to these tracking devices. In this case, a user can argue that personal information was shared with a third party without consent, and that it constituted a violation of CIPA.

How Should a Company Respond?

Update Website Documentation. One of the most important steps is to evaluate and, if necessary, update existing website terms of use, cookie policy, and privacy disclosures to reflect what is allowed on the website.

Website owners also need to implement processes to ensure and document consent. Typically, this is achieved through a “cookie banner” that a user must acknowledge before going to the site. However, the consent must be implemented carefully; it’s common for tracking technology to be triggered the moment a user lands on a site, which could be grounds for a claim that CIPA is being violated. Instead, no cookies or other trackers should be “turned on” until the user gives consent, something that website designers or privacy technicians can oversee. In addition, thought should be given to the form of the banner; it should provide for actual consent, which means that the consumer must be given a choice.

As important as privacy policy disclosures are the terms of use. While these have long been seen as a boilerplate document and implemented with little thought, key terms can protect the website owner, including limitation on damages, enforceable arbitration clauses and, when possible, class action waivers.

Act Quickly. When a company receives a CIPA claim, there are several things it (and its attorneys) should do to evaluate the seriousness of the claim:

Does the claim bring any specific evidence? Some letters or complaints don ‘t have specific information about the defendant or the basis for the claim, which may leave room for defenses.
What law firm brought the action? Some firms are known for filing CIPA class action claims and may have a reputation for settling easily or as hard negotiators. Since class action claims are often arranged by attorneys, they can be seen as the adverse party.
Does the demand letter include an offer for settlement? For better or worse, it’s often makes economic sense to resolve a case quickly, rather than spend unnecessary resources on litigation. This determination is more complicated that determining the cost of settlement against the cost of litigation. While a firm may want a quick and quiet resolution, it also should consider that a private, out of court may not protect them from future claims from other plaintiffs not included in this class.
Could the claim be subject to arbitration? Arbitration is confidential and will avoid the uncertainty of a jury trial.

In any case, responding to a claim, including a pre-litigation claim, requires experienced attorney. Counsel can evaluate the likelihood of litigation, preserve evidence and data, and conduct an internal investigation. A company needs evidence that can be used to challenge the CIPA claim, as well as class certification, but it’s important to gather it in a way that preserves the attorney/client privilege whenever possible.

If this article was of interest, you may also wish to read other articles by Bob Braun on “Data Technology, Privacy & Security,” which include the following:

Artificial Intelligence is Checking into your Hotel – Are You Ready?

The American Privacy Rights Act – What Does it Mean for Hotel Companies?

Time is Short – Reporting your Data Breach

Who’s Responsible for Personal Data at a Hotel?

Why hotels need “visibility” to avoid data privacy liability

Hotel Data Security: Challenges to Address in 2022

New Challenges for Hotels: The New California Privacy Rights and Enforcement Act of 2020

Hotel Managers and Owners Be Warned – You are Responsible for Your Hotel’s Data Security

The California Consumer Privacy Act – What Hoteliers Need to Know Now

Avoiding Hotel Data Breaches With a Risk Assessment Audit™ – Lessons From the Marriott International “Glitch”

Bob Braun is a Senior Member of JMBM’s Global Hospitality Group® and is Co-Chair of the Firm’s Cybersecurity & Privacy Group. Bob has more than 20 years of experience in representing hotel owners and developers in their contracts, relationships and disputes with hotel managers, licensors, franchisors and brands, and has negotiated hundreds of hotel management and franchise agreements. His practice includes experience with virtually every significant hotel brand and manager. Bob also advises clients on condo hotel securities issues and many transactional matters, including entity formation, financing, and joint ventures, and works with companies on their data technology, privacy and security matters. These include software licensing, cloud computing, e-commerce, data processing and outsourcing agreements for the hospitality industry.

In addition, Bob is a frequent lecturer as an expert in technology, privacy and data security issues, and is one of only two attorneys in the 2015 listing of SuperLawyers to be recognized for expertise in Information Technology. Bob is on the Advisory Board of the Information Systems Security Association, Los Angeles chapter, and a member of the International Association of Privacy Professionals. Contact Bob Braun at 310.785.5331 or rbraun@jmbm.com.

This is Jim Butler, author of www.HotelLawBlog.com and founding partner of JMBM and JMBM’s Global Hospitality Group®. We provide business and legal advice to hotel owners, developers, independent operators, and investors. This advice covers critical hotel issues such as hotel purchase, sale, development, financing, franchise, management, ADA, and IP matters. We also have compelling experience in hotel litigation, union avoidance and union negotiations, and cybersecurity & data privacy.

JMBM’s Global Hospitality Group® has been involved in more than $125 billion of hotel transactions and more than 4,700 hotel properties located around the globe. Contact me at +1-310-201-3526 or jbutler@jmbm.com to discuss how we can help.

How can we help? Brochure Credentials Photo Gallery

Published on: September 16, 2024

Artificial Intelligence is Checking into your Hotel – Are You Ready?

By Jim Butler and the Global Hospitality Group®

16 September 2024

See how JMBM’s Global Hospitality Group® can help you.
Click here for the latest articles on Data Technology, Privacy & Security.

Artificial Intelligence is Checking into your Hotel – Are You Ready?

by Robert Braun, Co-Chair, JMBM Cybersecurity and Privacy Group;
Senior Member, JMBM Global Hospitality Group

Even though artificial intelligence has been a part of our lexicon for more than seventy years, artificial intelligence remains the latest bright shiny thing. Businesses large and small feel compelled to incorporate artificial intelligence into their company descriptions even with a limited understanding of what artificial intelligence is, or how it could help their business. Hotels and hotel companies are no different; just take a look at the online newsletters and announcements hitting your mailbox; it’s a rare day that a hotel company doesn’t announce that it is incorporating artificial intelligence into their business, whether to increase guest satisfaction, offer new services, improve reservations, or any of a variety of reasons.

While artificial intelligence can clearly help, jumping on the AI bandwagon can have unintended consequences.

What is Artificial Intelligence?

Most of us have an imperfect concept of artificial intelligence: we think that the title is descriptive of the product. However, artificial intelligence is not necessarily what it sounds like. IBM defines artificial intelligence as “technology that enables computers and machines to simulate human learning, comprehension, problem solving, decision making, creativity and autonomy.” But what most people think of as artificial intelligence is generative AI, technology that can create original text, images, video, and other content without human intervention.

Underlying this is a hard fact: artificial intelligence is highly technical and very difficult. As an expert in the field, Joseph Greenfield of Maryman and Associates told me, “To understand artificial intelligence, you understand neural networks.” I don’t understand neural networks – do you?

What are the risks of Artificial Intelligence?

Some of the risks in artificial intelligence – or, more accurately, AI systems and tools – are well publicized. For example, AI “hallucinations,” occurring when a generative AI tool that creates responses to prompts that have little or no basis in fact, have become legendary. Biased or inaccurate responses are a common issue, and certain AI models have design flaws that can magnify those issues. Additionally, because of the complexity of AI systems, artificial intelligence cannot be treated simply as another form of software – different and more intensive vetting of AI systems are required. CONTINUE READING →

Published on: May 3, 2024

Data Privacy Lawyer Alert: The American Privacy Rights Act – What Does it Mean for Hotel Companies?

By Jim Butler and the Global Hospitality Group®

3 May 2024

See how JMBM’s Global Hospitality Group® can help you.
Click here for the latest articles on Data Technology, Privacy & Security.

The American Privacy Rights Act – What Does it Mean for Hotel Companies?

by Robert Braun, Co-Chair, JMBM Cybersecurity and Privacy Group;
Senior Member, JMBM Global Hospitality Group

On April 7, 2024, the United States House Committee on Energy and Commerce released the American Privacy Rights Act (APRA). While every Congress for more than a decade has introduced multiple proposals to address privacy rights on a national scale, none have gained traction, and while there’s every reason to suspect that the APRA will meet the same fate – headwinds are coming from the states that have already adopted comprehensive privacy statutes, and it is notoriously difficult to adopt legislation in an election year, and especially now), the APRA is being taken seriously, and might be the basis for a long-awaited, and long-needed, national privacy law.

What Makes the APRA Important?

The most important feature of the APRA is that it would replace the patchwork of individual state privacy statutes — adopted by sixteen (at last count) states, with more on the way. The laws share many common elements, but are not uniform; in a world where state borders mean less and less for consumer transactions, complying with each law is challenging. While there would remain room for states to adopt some unique laws, the APRA could significantly reduce the cost of compliance.

The APRA would also make the United States more consistent with jurisdictions throughout the world. Beyond state laws, there are many privacy laws, like the General Data Protection Regulation in the European Union (and similar laws in the United Kingdom and Switzerland), Canada, and other key trading partners. Citizens in these jurisdictions expect to have the same kind of data protection they have in their home countries, and adopting a comprehensive federal law would facilitate trade. CONTINUE READING →

Published on: July 28, 2023

Hotel Data Security Update: Time is Short – Reporting your Data Breach

By Jim Butler and the Global Hospitality Group®

28 July 2023

See how JMBM’s Global Hospitality Group® can help you.
Click here for the latest articles on Data Technology, Privacy & Security.

This month, the Securities and Exchange Commission (SEC) announced new rules requiring companies who experience a cybersecurity attack to publicly disclose the impact of the attack within four days. Hotel companies whose securities are registered with the SEC should take note of these regulations and develop a robust incident response plan.

Bob Braun, senior member of JMBM’s Global Hospitality Group® and Co-Chair of the Firm’s Cybersecurity & Privacy Group, outlines the new regulations below.

Time is Short – Reporting your Data Breach
by Bob Braun, Hotel Lawyer

Over the past years, hotel companies – including brands, managers and owners – have increasingly sought the benefit of access to public markets and, in doing so, have become subject to the registration and disclosure requirements of the United States Securities Act and Securities Exchange Act. In doing so, these companies need to comply with a broad variety of detailed regulations addressing their disclosure and reporting obligations. The Securities Exchange Commission recently adopted regulations which will have an impact on publicly traded hotel companies that suffer a data breach.

Breach Notifications for the Past 20 Years. Ever since California became the first state to require companies to notify their customers of data breaches in 2003, the time between the date a breach was discovered and the time the breach was reported has been an issue of contention. Early reporting gives consumers a leg up in protecting their personal information, and lets investors, vendors and customers of companies know if key business information has been compromised. At the same time, companies want as much time as possible to investigate a breach, understand what happened, and provide accurate information – companies that give early notice often have to give multiple notices as more information becomes available, and may even find that the original notice wasn’t necessary. Regardless, lawsuits against companies that have suffered data breaches almost universally point to the gap in time between the discovery and notification of a breach. CONTINUE READING →

Published on: March 21, 2023

Data Privacy Alert: Who’s Responsible for Personal Data at a Hotel?

By Jim Butler and the Global Hospitality Group®

21 March 2023

See how JMBM’s Global Hospitality Group® can help you.
Click here for the latest articles on Data Technology, Privacy & Security.

Data privacy and security continue to be significant issues for hotel owners, operators, brands, and managers, representing the potential for both financial and reputational impacts. One important piece of the puzzle is which of the many entities involved in a hotel property is responsible for collecting, sharing, using and storing the personal data of guests and employees. Bob Braun, senior member of JMBM’s Global Hospitality Group® and Co-Chair of the Firm’s Cybersecurity & Privacy Group, gives an overview of current considerations.

Data Security and Privacy in Hospitality – Who’s Paying the Bill?
by Robert Braun, Co-Chair, JMBM Cybersecurity and Privacy Group;
Senior Member, JMBM Global Hospitality Group

One of the most valuable assets of a hotel brand is information – detailed personal information about guests at their hotels, participants in their loyalty programs, and visitors to their websites. This information allows hotel brands to focus on creating guest loyalty, acquiring potential guests, engaging in effective marketing, expanding market share, and creating properties and services that entice and satisfy hotel guests. Because of this, hotel brands have long contended that they “own” hotel guest data and have unencumbered rights to use it, without respect to the interests of hotel owners and even the guests themselves.

While this attitude may have been correct in the past, the world is changing. The EU’s General Data Protection Regulation, the California Consumer Protection Act, the California Privacy Rights Act, and similar laws throughout the United States and the world have turned this idea on its head. Anyone who collects personal data can do so only with the permission of the individual consumer; brands don’t own the personal information of guests, the guests do, and they are the ones who give the operator, brand or owner the right to collect and use it – and they can limit or revoke that right. CONTINUE READING →

Published on: October 25, 2022

Hotel Data Security Update: Hotels, Hotel Owners and Employee Personal Information

By Jim Butler and the Global Hospitality Group®

25 October 2022

See how JMBM’s Global Hospitality Group® can help you.
Click here for the latest articles on Data Technology, Privacy & Security.

In addition to protecting the personal information of guests in compliance with the EU’s General Data Protection Regulation and California’s Consumer Privacy Act, hotel operators and owners need to extend the same protections and rights to their employees and the information collected from them. Bob Braun, a senior member of the Global Hospitality Group and Co-Chair of JMBM’s Cybersecurity & Privacy Group outlines hotel employer obligations in the article below, along with suggested next steps.

Hotels, Hotel Owners and Employee Personal Information
by Bob Braun, Hotel Lawyer

Hotel operators and owners have long been focused on the privacy of the personal information they collect from guests – because of the global nature of the hospitality business, hotel brands have focused on complying with the European Union’s General Data Protection Regulation (GDPR), and beginning in 2018, the Consumer Privacy Act (CCPA), the first comprehensive law designed to protect the privacy of consumers’ personal information. Businesses that are subject to the GDPR and the CCPA are required, among other things, to respond to consumers who wish to view the personal information collected by the business, delete personal information, and opt-out of the sale of personal information; these obligations expanded in 2020 when California voters approved the California Privacy Rights Act of 2020 (CPRA).

Employee and Business Personal Information

While the CCPA is aimed at protecting consumers’ personal information, the terms of the law extend to the personal information of employees and business contacts. While the California legislature initially exempted employment information and “business to business” (B2B) personal information from many of the provisions of the CCPA until January 1, 2021, which was extended in the CPRA to January 1, 2023.

The Exemption and its Demise

While most observers believed that the California legislature would extend the exemptions of employee and B2B personal information, when the California Legislature adjourned on August 31, 2022, it did so without adopting an extension. As a result, it is a certainty that full consumer rights will apply to personal information obtained from employees or because of a B2B relationship.

Because hotel owners and operators are familiar with the requirements of the CCPA and the GDPR, the expiration of the exemption will be challenging. Owners and operators will need to adapt their policies to employee and B2B personal information. However, there are many hotel owners that have little or no contact with guests and have left compliance to hotel operators. These firms will be particularly impacted by the significant disclosure, policy and procedure issues that need to be addressed by the end of 2022.

This is especially the case for hotel owners that act as the employer of hotel personnel, but will extend to all hotel owners with employees, whether engaged at a hotel or not, since employers are obligated to collect vast amounts of personal information, including sensitive personal details (such as financial, health and intimate personal characteristics) to conduct businesses. These owners will need to address the information they collect, where it is held, who has access to it and how it is used. Moreover, hotel owners and operators will need to determine how consumer rights apply to employee and B2B personal information, and prepare to provide employees and B2B contacts with CCPA rights, including the right to know what personal information is collected, the right to delete personal information, the right to opt out of the sale or sharing of personal information, the right to limit use and disclosure of sensitive personal information, and the protection against retaliation following the exercise of opt-out or other rights. CONTINUE READING →

Published on: March 8, 2022

Why hotels need “visibility” to avoid data privacy liability

By Jim Butler and the Global Hospitality Group®

8 March 2022

See how JMBM’s Global Hospitality Group® can help you.
Click here for the latest articles on Data Technology, Privacy & Security.

The rules around data privacy and cybersecurity are constantly evolving. In order to protect themselves from liability, hotel owners should pay attention to ongoing legal developments and learn more about their own data infrastructure.

Bob Braun, senior member of JMBM’s Global Hospitality Group® and Co-Chair of the Firm’s Cybersecurity & Privacy Group, explains why hotels need to understand exactly what data they hold, where it is stored and who has access to it.

Facing the Knowledge Gap: Why Hotels Need “Visibility” to
Avoid Data Privacy Liability

by Bob Braun, Hotel Lawyer

Addressing privacy compliance and cybersecurity is becoming more and more challenging for companies. At least 26 states are considering various kinds of data privacy laws. At the same time the rate, depth, and impact of ransomware, wiperware and data breaches has become more intense and more expensive, and there is no indication that the trend will end soon. Hotel companies, as holders of significant amounts of personal information and highly dependent on computer networks for daily operations, are particularly at risk in this environment.

A hotel company that seeks to comply with privacy mandates, and to prepare for and defend against a data breach, requires knowledge – it requires visibility.

What does that mean? To achieve visibility, a hotel brand, manager or owner needs to increase its knowledge of key elements of its data infrastructure:

See Your Network

Most hotel executives, other than chief technology officers and chief financial officers, have little knowledge of their network. But understanding what data is stored on the network, how the various parts of the network interact, and who has access to the network (and what kind) is essential to evaluating risks, complying with privacy laws, and preparing and defending against attacks. This means not only knowing what is supposed to be on the network, but the “silent” nodes as well – things like unused servers and the devices that attach to the network, such as personal laptops, smart phones and tablets. As hotels become increasingly automated – by relying on smartphones to substitute for keys and allowing touchless registration – being able to see the full scope of the network is challenging but essential. CONTINUE READING →

Published on: December 29, 2021

Hotel Data Security: Challenges to Address in 2022

By Jim Butler and the Global Hospitality Group®

29 December 2021

See how JMBM’s Global Hospitality Group® can help you.
Click here for the latest articles on Data Technology, Privacy & Security.

As hotels find new ways to use technology to attract guests and enhance their properties, they need to remain aware of the security challenges these technologies present.

Bob Braun, senior member of JMBM’s Global Hospitality Group® and Co-Chair of the Firm’s Cybersecurity & Privacy Group, explains three basic issues for 2022 that all hotel owners need to be aware of to ensure their business and guest information remains secure.

Security Challenges in the Hotel Industry
by
Bob Braun, Hotel Lawyer

Like virtually all industries, the hotel industry continues to be challenged by cybersecurity concerns. As we approach 2022, hotel owners and operators need to address some basic issues that impact the security of their systems and their guests.

Wi-Fi. Providing wireless internet to guests has become a “must-do” for hotels – it’s not too much of an overstatement to say that a potential guest won’t stay at a hotel that doesn’t provide free Wi-Fi. But hotel Wi-Fi systems, particularly those in public areas, have long been a soft underbelly of cybersecurity. In the past 10 days, TechCrunch+ reported that “an internet gateway used by hundreds of hotels to offer and manage their guest Wi-Fi networks has vulnerabilities that could put the personal information of their guests at risk.” The system uses hardcoded passwords that are easy to guess and allow an attacker to gain remote access to the gateway’s settings and databases; they can then use that knowledge to access and exfiltrate guest records, or reconfigure the gateway’s networking settings to unwittingly redirect guests to malicious webpages.

CONTINUE READING →

Published on: November 10, 2020

Hotel Lawyer Alert: California Consumer Privacy Act update

By Jim Butler and the Global Hospitality Group®

10 November 2020

See how JMBM’s Global Hospitality Group® can help you.
Click here for the latest articles on Data Technology, Privacy & Security.

On November 3rd, Californians voted to approve Proposition 24 which amends the California Consumer Privacy Act to include expanded consumer rights and greater privacy protections.

The California Privacy Rights and Enforcement Act – which also establishes an enforcement agency to guarantee strict compliance – places additional obligations on businesses to ensure that consumer data is transparent and secure. Given the scope of the Act and the short timeframe for compliance, hotels should immediately start looking at their data profiles and security to avoid running afoul of the new rules.

Bob Braun, senior member of JMBM’s Global Hospitality Group® and Co-Chair of the Firm’s Cybersecurity & Privacy Group, explains the major provisions of the Act and discusses the challenges hotels face as they look to address its requirements.

New Challenges for Hotels:
The New California Privacy Rights and Enforcement Act of 2020
by
Bob Braun, Hotel Lawyer

Many races and initiatives that California voters considered on November 3 are still undecided, but Proposition 24, the California Privacy Rights Act of 2020 (the “CPRA”) isn’t one of them. The California electorate approved Proposition 24 by a comfortable margin – 56% of Californians voted in favor.

Like its predecessor the California Consumer Privacy Act of 2018 (the “CCPA”), the impact of the CPRA won’t be felt immediately. It goes into effect on January 1, 2023, and many of its provisions are unclear and will require study. But hotel companies with a presence in California will need to consider its requirements, and given the scope of the law, addressing its requirements early will be essential.

New Sheriff in Town

Perhaps the most significant development in the CPRA is the establishment of a new agency, the California Privacy Protection Agency, dedicated to handling enforcement and compliance with privacy regulations. This makes California the first state with an agency focused solely on enforcing privacy laws. This new agency will replace the California Attorney General in interpreting and enforcing the CCPA. The ultimate impact of the agency will develop as its members are selected and interpret its mandate, but it is clear from the CPRA that it has broad authority to bring civil and criminal actions.

Select Key Provisions

The CPRA is an extension and modification of the CCPA. It adds a number of new definitions and provisions that, in some cases, extend the scope of the CCPA and, in other cases, clarify the requirements of the CCPA. The result is that hotel companies that already comply with the CCPA will need to revisit their policies and procedures to ensure compliance with the CPRA, and any firms that have not yet considered CCPA compliance have a steep learning curve. Key provisions include: CONTINUE READING →

Published on: July 1, 2020

Meet the Money® Online: Hotels and Information Security – Protecting Guests and the Bottom Line

By Jim Butler and the Global Hospitality Group®

01 July 2020

See how JMBM’s Global Hospitality Group® can help you.

Meet the Money® Online: Hotels and Information Security
Protecting Guests and the Bottom Line

Last week, speakers from Manhattan Hospitality Advisors, Tiered Communication Services Inc. and Willis Towers Watson joined Bob Braun of JMBM’s Global Hospitality Group® for the second in a series of Meet the Money Online webinars.

If you missed “Hotels & Information Security – Protecting Guests and the Bottom Line,” you can watch the full webinar here.

You can also find the presentations made by our expert panelists on the Resource Center page:

Where Technology and Security Meet in Hotels

Jonathan Adam, co-founder and Chief Technology Officer, Tiered Communication Services, Inc., covers the primary elements required for information security, and how a secure hotel network should be designed. Meet the Money® Online June 2020.

Best Practices and Imperatives for Information Security

Bob Braun, co-chair of JMBM’s Cybersecurity and Privacy Group, and senior member of JMBM’s Global Hospitality Group® discusses why information security is so difficult to achieve, the importance of documentation, and why verifying third parties is critical. Meet the Money® Online June 2020.

Cyber Security – A Must in Today’s Viral World

Jack Westergom, Managing Director and Founder of Manhattan Hospitality Advisors explains why hotels are frequent targets of cyber crime, areas in which hotels can be proactive, and why you shouldn’t count on your brand for protection. Meet the Money® Online June 2020.

Cyber Insurance in the Hospitality Industry

Heather Wilkinson, SVP, FINEX E&O/Cyber, Willis Towers Watson, discusses why hotels need to determine their specific exposure, the importance of understanding what your cyber insurance actually covers, and the 5 main cyber threats that hotels are facing today. Meet the Money® Online June 2020.

While we weren’t able to gather in person for the 30th year of Meet the Money®, the national hotel investment and finance conference, we are continuing to provide the industry with research analysis and insight through Meet the Money Online. Join us on July 8, 2020 for the next in this series of informative webinars, the CMBS Special Servicing FAQs Virtual Roundtable. CONTINUE READING →

Jim Butler

Jim Butler is recognized as one of the top hotel lawyers in the world. He devotes 100% of his practice to hospitality, representing hotel owners, developers and lenders. Jim leads JMBM’s Global Hospitality Group® — a team of seasoned professionals who have helped clients around the world with more than 4,700 hospitality properties worth more than $125 billion.
More

Robert Braun

Robert Braun is a partner in JMBM's Corporate Department and a senior member of JMBM's Global Hospitality Group® -- a team of seasoned professionals who have helped clients around the world with more than 4,700 hospitality properties worth more than $125 billion. Bob represents owners in both transactional and operational issues. He advises clients with respect to business formation, financing, mergers and acquisitions, venture capital financing, joint ventures and strategic partnerships. He has represented hotel owners in the negotiation of several hundred management agreements, as well as spa management and franchise agreements. Bob also advises hotel owners regarding telecommunications, software, internet, e-commerce, data processing and outsourcing agreements. To read Bob's articles, go to www.HotelLawBlog.com and select "Management Agreements." For more information, please contact Bob Braun at 310.785.5331 or rbraun@jmbm.com.

Marta Fernandez

Marta Fernandez is a partner in JMBM's Employment and Labor Department and a senior member of JMBM’s Global Hospitality Group® -- a team of seasoned professionals who have helped clients around the world with more than 4,700 hospitality properties worth more than $125 billion. As a management labor lawyer with more than 20 years of experience, Marta specializes in representing hospitality industry clients in all aspects of labor and employment including labor-management relations such as union prevention, collective bargaining for single as well as multi-employer bargaining units, neutrality agreements and defense of unfair labor practice charges before the NLRB. She defends employers in administrative and litigation claims, such as employee claims of sexual harassment and discrimination and counsels clients in preventative strategies such as executive training, arbitration enforcement, and policies and procedures. To read Marta's articles, go to www.HotelLawBlog.com and select "Labor & Employment." For more information, please contact Marta Fernandez at 310.201.3534 or at mfernandez@jmbm.com.

Guy Maisnik

Guy Maisnik is a partner in JMBM's Real Estate Department and a senior member of JMBM's Global Hospitality Group® -- a team of seasoned professionals who have helped clients around the world with more than 4,700 hospitality properties worth more than $125 billion. Guy's deep and broad transactional practice includes complex real estate finance and venture capital transactions, including project finance, commercial finance, leveraged leasing and real estate acquisitions. He assists clients with development, leasing and disposition, loan portfolio acquisitions, loan and debt restructure, workouts and real estate exchanges. Go to www.HotelLawBlog.com for current information in these areas. For more information, please contact Guy Maisnik at 310.201.3588 or mgm@jmbm.com.

David Sudeck

David Sudeck is a Partner in JMBM's Real Estate Department and a senior member of JMBM’s Global Hospitality Group® -- a team of seasoned professionals who have helped clients around the world with more than 4,700 hospitality properties worth more than $125 billion. David has significant experience in the vacation ownership arena, focusing on the formation and registration of condominiums, timeshares and fractional interest regimes. He negotiates hotel, spa and restaurant management agreements, and assists client in the development, acquisition, sale and leasing of hotels, golf courses and restaurants. For David's take on current issues in the timeshare arena, go to www.HotelLawBlog.com and click on the topic, "Timeshare." For more information, please contact David Sudeck at 310.201.3518 or dsudeck @jmbm.com.

Robert Kaplan

Robert Kaplan is a partner in JMBM's Bankruptcy, Insolvency and Restructurings Group and a senior member of the Global Hospitality Group® -- a team of seasoned professionals who have helped clients around the world with more than 4,700 hospitality properties worth more than $125 billion. Bob represents lenders, special servicers, hard money lenders, community banks, national banking associations, distressed debt investors, and equity investors, positioning them for the best possible outcome by acting expeditiously to preserve value and increase cash flow. His industry experience and his knowledge of the current capital markets -- where distressed assets often include complex deal structures and securitized loans -- allows him to bring creative and effective strategies to the table. When aggressive litigation is the best strategy, he is a vigorous and effective advocate for his clients. Bob represented the securitized lender in the Chapter 11 bankruptcy case filed by the Clift Hotel in San Francisco, and in the subsequent negotiations and successful sale of the loan to a third party. The lender -- acting by and through GMAC Commercial Mortgage Corporation as special servicer -- was the holder of a $60 million loan secured by a Deed of Trust on the Clift Hotel. He has also served as counsel to CapMark, J.E. Robert Company, Inc., AMRESCO Management Inc. and Midland Loan Servicer in their capacity as special servicers on troubled hotel loans in CMBS pools. For more information, contact Robert Kaplan at 415.984.9673 or rkaplan@jmbm.com.

Martin Orlick

Martin Orlick is a partner in JMBM's Real Estate Department and a senior member of JMBM's Global Hospitality Group® -- a team of seasoned professionals who have helped clients around the world with more than 4,700 hospitality properties worth more than $125 billion. Marty specializes in representing hospitality industry clients in Americans With Disabilities Act (ADA) compliance and defense. He has represented more than 500 businesses in ADA issues, many of them hotels and restaurants, as well as hotel mixed-use properties. Marty is a member of the American College of Real Estate Lawyers (ACREL) and a frequent speaker on the ADA and other topics. To read Marty's articles, go to www.HotelLawBlog.comand select "ADA." For more information, please contact Marty Orlick at 415.984.9667 or morlick@jmbm.com.

Scott Brink

Scott Brink is a senior member of JMBM's Global Hospitality Group® and a partner in JMBM's Labor & Employment Law Department. Scott is a management labor lawyer with more than two decades of experience representing employers in all aspects of labor relations and employment law including union prevention, collective bargaining negotiations, defense of unfair labor practice charges before the NLRB, wrongful discharge litigation, individual and class action employment discrimination and wage-and-hour claims, sexual-harassment litigation, arbitrations, personnel policies, California wage and hour law, and employee discipline and discharge. An experienced trial attorney, Scott has litigated a number of high-profile and complex cases involving a wide range of labor and employment law matters. For more information, contact Scott Brink at RSB@jmbm.com or 310.785.5365.

Travis Gemoets

Travis Gemoets is an experienced trial attorney and represents management in all facets of labor and employment law, including wage/hour class actions, claims of discrimination, harassment, wrongful termination, trade secrets and unfair competition, union/management relations and workplace violence. He is a member of JMBM's Global Hospitality Group(r), in which capacity he negotiates union contracts and resolves labor disputes throughout the country, defends class action claims, develops strategies for the mass onboarding and separation of employees, and recommends proactive changes to employers' policies and practices in order to minimize potential liability risks. Reach him at 310.785.5387 or tgemoets@jmbm.com.

Mark S. Adams

Mark S. Adams is an experienced trial lawyer and a member of JMBM's Global Hospitality Group® and Chinese Investment Group™. He focuses his practice on business litigation including contracts, corporate and partnership disputes, and hospitality disputes and litigation. On behalf of hotel and resort owners, Mark has successfully litigated the termination of long-term, no-cut, hotel management agreements, franchise agreements, fiduciary duty issues, investor-owner disputes, TOT assessments, and more. He has wide-ranging trial experience in a variety of commercial disputes, including complex multi-party litigation and class actions. He has tried numerous cases in state courts, federal courts, and in domestic and international arbitrations, and is a frequent author and speaker on trial practice. Mark's trial wins have been covered by Forbes, Reuters, and other publications. He has obtained two of California's annual 50 largest jury verdicts in the same year. Mark has taken or defended nearly 1,000 depositions throughout North America, Europe and the Middle East. He has been quoted as an expert on noncompete agreements in the Wall Street Journal. For more information, contact Mark at 949. 623.7230 or markadams@jmbm.com.

Bennett Young

Bennett Young is a partner in JMBM's Bankruptcy, Insolvency and Restructurings Group and a senior member of the Global Hospitality Group® -- a team of seasoned professionals who have helped clients around the world with more than 4,700 hospitality properties worth more than $125 billion. His clients include lenders, financial institutions, secured and unsecured creditors, distressed investment funds, businesses, receivers, special servicers and creditors' committees. Ben represented the owner of a partially completed multi-billion dollar resort property in the restructuring of its finances and has represented lenders to hotels and casinos. For more information, contact Ben Young at 415.984.9626 or byoung@jmbm.com

Sheri Bonstelle

Sheri Bonstelle is a partner in JMBM's Government, Land Use, Environment and Energy Department, and a member of JMBM's Global Hospitality Group®. She represents owners and developers in land use, zoning, environmental, litigation and construction matters. She manages all aspects of the entitlement process, including representing clients before local and state agencies, commissions and councils. Sheri also represents clients in a variety of land use and real estate litigation matters in state and federal courts, including cases arising under CEQA and other environmental laws. Her hotel experience includes handling the adaptive reuse of an historic office building as a luxury boutique hotel. For more information, please contact Sheri Bonstelle at 310.712.6847 or SBonstelle@jmbm.com.

Kevin McDonnell

Kevin McDonnell is a partner in JMBM's Government, Land Use, Environment and Energy Department, and a member of JMBM's Global Hospitality Group®. Kevin represents developers and owners of hotels in a broad range of land use and zoning issues including entitlements, code enforcement, easements and parking requirements, as well as related Parcel Map and Tract Map subdivision issues. His hospitality experience includes hotels, condo-hotels and mixed-use projects. A registered Civil Engineer and Structural Engineer in California, and a former building official for the City of Los Angeles, Kevin brings unique experience and insight in Zoning and Building Code applications and Code Enforcement issues. For more information, please contact Kevin McDonnell at 310.201.3590 or kkm@jmbm.com.

Jamie Ogden

Jamie Ogden is a tax lawyer at Jeffer Mangels Butler & Mitchell LLP. He advises individuals and businesses on a range of tax planning, tax controversy and estate planning matters. Jamie’s experience includes all tax aspects with respect to the hospitality industry, including acquisitions and dispositions (including Section 1031 exchanges), financing and management agreements. He also serves as lead tax counsel on M&A transactions, financing, internal corporate restructurings and deferred compensation matters. Jamie also works frequently with litigators on the tax aspects of litigation, judgments and settlements. Jamie has extensive experience with foreign compliance matters, including each variation of the IRS amnesty programs. In addition to his experience in private practice, Jamie also brings several years of service from both state and federal government. For more information, contact Jamie at JOgden@jmbm.com or 310.201.3510.

Wei Deng

Wei Deng is General Counsel of Bosen American Capital, Inc. where in addition to his legal duties, he is responsible for sourcing, evaluating and proposing United States investment opportunities to the company. Wei was previously with JMBM, where he focused on transactional and litigation matters.

Jay Thompson

Jay Thompson has extensive experience representing private companies, business owners, family offices and investors in mergers and acquisitions, private equity and venture capital transactions and private securities offerings. Jay serves as general counsel to many of his clients, their management, and board of directors, helping to shape and execute their business strategies, facilitate growth and liquidity, as well as to advise them on day-to-day legal and other strategic issues. He is known for his practical approach to business issues. Contact Jay at JThompson@jmbm.com or 949.623.7258

Marianne Martin

Marianne Martin has nearly fifteen years of experience advising clients on a variety of commercial, financing, bankruptcy, restructuring and M&A matters, with a particular niche dealing with distressed and/or turnaround situations. Her clients frequently include private equity and hedge funds, independent sponsors, family offices, public and private corporations, financial institutions and banks, healthcare-related companies, municipalities and venture capital funds. She has represented clients in various capacities, including as borrowers/debtors, lenders, acquirers, and agents/trustees in negotiating and documenting complex commercial transactions, out-of-court restructuring transactions and advising on purchasing considerations in secondary market debt transactions. Contact Marianne at MMartin@jmbm.com or 310.201.3531

Trevor Countryman

Trevor Countryman is an associate in the firm's Real Estate Department. He advises clients in all aspects of real estate transactions including property acquisitions and dispositions, financing, leasing, development and construction. Trevor's clients range from large funds to individual developers and opportunistic investors, engaged in deals involving office, retail, multi-family, single-family, mixed-use and hotel properties. Contact Trevor Countryman at 310.201.3546 or TCountryman@jmbm.com.

Vanessa Han

Vanessa Han is an associate in JMBM's Corporate group. Vanessa can be reached at VHan@jmbm.com or 310.785.5383

Vince Farhat

Vince Farhat is Chair of JMBM's White Collar Defense and Investigations practice. Vince has extensive jury trial experience and focuses his practice on representing companies and individuals in criminal and civil investigations and prosecutions by government enforcement agencies, as well as complex federal litigation. He also advises companies in connection with complex and sensitive internal investigations. Prior to joining JMBM, Vince served as an assistant United States attorney in the Major Frauds Section of the U.S. Attorney's Office for the Central District of California. Contact Vince Farhat at 310.785.5382 or VFarhat@jmbm.com.

Sarah G. Hartman

Sarah G. Hartman is a partner in JMBM's Litigation Group and a member of JMBM's Global Hospitality Group® -- a team of seasoned professionals who have helped clients around the world with more than 4,700 hospitality properties worth more than $125 billion. Sarah is an experienced litigator who advises and represents clients through all aspects of litigation, from inception through trial and appeal. She advises and represents clients in the hospitality industry, including the termination of hotel management agreements and franchise agreements. Sarah also advises and represents clients on women's health technology issues, intellectual property matters, and complex commercial disputes, including breach of fiduciary duty, fraud, breach of contract, unfair competition, products liability, employment litigation, class action defense, false advertising and other complex financial disputes. Contact Sarah Hartman at 949.623.7243 or SGHartman@jmbm.com.

Michael H. Strub, Jr.

Michael H. Strub, Jr. is a partner in JMBM's Litigation Group and a member of JMBM's Global Hospitality Group® -- a team of seasoned professionals who have helped clients around the world with more than 4,700 hospitality properties worth more than $125 billion. He is a highly skilled trial and appellate attorney who has handled high-stakes, complex commercial and business cases for 30 years including disputes arising out of hotel construction, lending, and bankruptcy. In addition, he has represented plaintiffs and defendants in business and commercial disputes in a variety of areas. Contact Michael H. Strub, Jr. at 949.623.7233 or MStrub@jmbm.com.

Ask the Hotel Lawyer™ is a quarterly column that I write for JMBM's Global Hospitality Advisor®. If you have a question you would like to submit to Ask the Hotel Lawyer™ please use the comments box below. While your question may not be of sufficient general interest for the column, I will try to respond to you individually if you leave your contact information below.
Jim Butler.