Archives

Published on:

21 March 2023

See how JMBM’s Global Hospitality Group® can help you.
Click here for the latest articles on Data Technology, Privacy & Security.

Data privacy and security continue to be significant issues for hotel owners, operators, brands, and managers, representing the potential for both financial and reputational impacts. One important piece of the puzzle is which of the many entities involved in a hotel property is responsible for collecting, sharing, using and storing the personal data of guests and employees.  Bob Braun, senior member of JMBM’s Global Hospitality Group® and Co-Chair of the Firm’s Cybersecurity & Privacy Group, gives an overview of current considerations.

 

 

Data Security and Privacy in Hospitality – Who’s Paying the Bill?
by Robert Braun, Co-Chair, JMBM Cybersecurity and Privacy Group;
Senior Member, JMBM Global Hospitality Group

 

One of the most valuable assets of a hotel brand is information – detailed personal information about guests at their hotels, participants in their loyalty programs, and visitors to their websites. This information allows hotel brands to focus on creating guest loyalty, acquiring potential guests, engaging in effective marketing, expanding market share, and creating properties and services that entice and satisfy hotel guests. Because of this, hotel brands have long contended that they “own” hotel guest data and have unencumbered rights to use it, without respect to the interests of hotel owners and even the guests themselves.

While this attitude may have been correct in the past, the world is changing. The EU’s General Data Protection Regulation, the California Consumer Protection Act, the California Privacy Rights Act, and similar laws throughout the United States and the world have turned this idea on its head. Anyone who collects personal data can do so only with the permission of the individual consumer; brands don’t own the personal information of guests, the guests do, and they are the ones who give the operator, brand or owner the right to collect and use it – and they can limit or revoke that right. CONTINUE READING →

Published on:

23 January 2023

See how JMBM’s Global Hospitality Group® can help you.

The Global Hospitality Group® of Jeffer Mangels Butler & Mitchell LLP (JMBM) is pleased to announce publication of the 5th edition of The HMA & Franchise Agreement Handbook, a guide for hotel owners, developers, investors and operators considering a hotel management agreement (HMA) or franchise agreement, or dealing with the challenges of termination of one.

Co-authored by JMBM’s Global Hospitality Group® Chairman, Jim Butler, senior Group member Robert E. Braun and Mark S. Adams, the 5th edition of The Handbook includes an updated section on why long-term management and franchise agreements may now be terminable, with all-new material exploring historic changes to Maryland law that may affect these contracts on hotels across the country.

The new edition features commentary from two faculty members at Cornell University’s Nolan School of Hotel Administration; an overview by Chekitan S. Dev, the Singapore Tourism Distinguished Professor, and a Foreword by Jan A. deRoos, HVS Professor of Hotel Finance and Real Estate Emeritus. “The authors’ objective of providing the keys for ‘breaking the code’ to HMAs and franchise agreements is fully realized,” writes deRoos. “The work is revised and updated with an understanding that the great questions never change, but the answers do.” CONTINUE READING →

Published on:

25 October 2022

See how JMBM’s Global Hospitality Group® can help you.
Click here for the latest articles on Data Technology, Privacy & Security.

In addition to protecting the personal information of guests in compliance with the EU’s General Data Protection Regulation and California’s Consumer Privacy Act, hotel operators and owners need to extend the same protections and rights to their employees and the information collected from them. Bob Braun, a senior member of the Global Hospitality Group and Co-Chair of JMBM’s Cybersecurity & Privacy Group outlines hotel employer obligations in the article below, along with suggested next steps.

 

Hotels, Hotel Owners and Employee Personal Information
by Bob Braun, Hotel Lawyer

 

Hotel operators and owners have long been focused on the privacy of the personal information they collect from guests – because of the global nature of the hospitality business, hotel brands have focused on complying with the European Union’s General Data Protection Regulation (GDPR), and beginning in 2018, the Consumer Privacy Act (CCPA), the first comprehensive law designed to protect the privacy of consumers’ personal information. Businesses that are subject to the GDPR and the CCPA are required, among other things, to respond to consumers who wish to view the personal information collected by the business, delete personal information, and opt-out of the sale of personal information; these obligations expanded in 2020 when California voters approved the California Privacy Rights Act of 2020 (CPRA).

Employee and Business Personal Information

While the CCPA is aimed at protecting consumers’ personal information, the terms of the law extend to the personal information of employees and business contacts. While the California legislature initially exempted employment information and “business to business” (B2B) personal information from many of the provisions of the CCPA until January 1, 2021, which was extended in the CPRA to January 1, 2023.

The Exemption and its Demise

While most observers believed that the California legislature would extend the exemptions of employee and B2B personal information, when the California Legislature adjourned on August 31, 2022, it did so without adopting an extension. As a result, it is a certainty that full consumer rights will apply to personal information obtained from employees or because of a B2B relationship.

Because hotel owners and operators are familiar with the requirements of the CCPA and the GDPR, the expiration of the exemption will be challenging. Owners and operators will need to adapt their policies to employee and B2B personal information. However, there are many hotel owners that have little or no contact with guests and have left compliance to hotel operators. These firms will be particularly impacted by the significant disclosure, policy and procedure issues that need to be addressed by the end of 2022.

This is especially the case for hotel owners that act as the employer of hotel personnel, but will extend to all hotel owners with employees, whether engaged at a hotel or not, since employers are obligated to collect vast amounts of personal information, including sensitive personal details (such as financial, health and intimate personal characteristics) to conduct businesses. These owners will need to address the information they collect, where it is held, who has access to it and how it is used. Moreover, hotel owners and operators will need to determine how consumer rights apply to employee and B2B personal information, and prepare to provide employees and B2B contacts with CCPA rights, including the right to know what personal information is collected, the right to delete personal information, the right to opt out of the sale or sharing of personal information, the right to limit use and disclosure of sensitive personal information, and the protection against retaliation following the exercise of opt-out or other rights. CONTINUE READING →

Published on:

8 March 2022

See how JMBM’s Global Hospitality Group® can help you.
Click here for the latest articles on Data Technology, Privacy & Security.

The rules around data privacy and cybersecurity are constantly evolving. In order to protect themselves from liability, hotel owners should pay attention to ongoing legal developments and learn more about their own data infrastructure.

Bob Braun, senior member of JMBM’s Global Hospitality Group® and Co-Chair of the Firm’s Cybersecurity & Privacy Group, explains why hotels need to understand exactly what data they hold, where it is stored and who has access to it.

Facing the Knowledge Gap: Why Hotels Need “Visibility” to
Avoid Data Privacy Liability

by
Bob Braun, Hotel Lawyer

Addressing privacy compliance and cybersecurity is becoming more and more challenging for companies. At least 26 states are considering various kinds of data privacy laws. At the same time the rate, depth, and impact of ransomware, wiperware and data breaches has become more intense and more expensive, and there is no indication that the trend will end soon.  Hotel companies, as holders of significant amounts of personal information and highly dependent on computer networks for daily operations, are particularly at risk in this environment.

A hotel company that seeks to comply with privacy mandates, and to prepare for and defend against a data breach, requires knowledge – it requires visibility.

What does that mean? To achieve visibility, a hotel brand, manager or owner needs to increase its knowledge of key elements of its data infrastructure:

See Your Network

Most hotel executives, other than chief technology officers and chief financial officers, have little knowledge of their network. But understanding what data is stored on the network, how the various parts of the network interact, and who has access to the network (and what kind) is essential to evaluating risks, complying with privacy laws, and preparing and defending against attacks. This means not only knowing what is supposed to be on the network, but the “silent” nodes as well – things like unused servers and the devices that attach to the network, such as personal laptops, smart phones and tablets.  As hotels become increasingly automated – by relying on smartphones to substitute for keys and allowing touchless registration – being able to see the full scope of the network is challenging but essential. CONTINUE READING →

Published on:

29 December 2021

See how JMBM’s Global Hospitality Group® can help you.
Click here for the latest articles on Data Technology, Privacy & Security.

As hotels find new ways to use technology to attract guests and enhance their properties, they need to remain aware of the security challenges these technologies present.

Bob Braun, senior member of JMBM’s Global Hospitality Group® and Co-Chair of the Firm’s Cybersecurity & Privacy Group, explains three basic issues for 2022 that all hotel owners need to be aware of to ensure their business and guest information remains secure.

Security Challenges in the Hotel Industry
by
Bob Braun, Hotel Lawyer

Like virtually all industries, the hotel industry continues to be challenged by cybersecurity concerns. As we approach 2022, hotel owners and operators need to address some basic issues that impact the security of their systems and their guests.

  • Wi-Fi. Providing wireless internet to guests has become a “must-do” for hotels – it’s not too much of an overstatement to say that a potential guest won’t stay at a hotel that doesn’t provide free Wi-Fi. But hotel Wi-Fi systems, particularly those in public areas, have long been a soft underbelly of cybersecurity. In the past 10 days, TechCrunch+ reported that “an internet gateway used by hundreds of hotels to offer and manage their guest Wi-Fi networks has vulnerabilities that could put the personal information of their guests at risk.” The system uses hardcoded passwords that are easy to guess and allow an attacker to gain remote access to the gateway’s settings and databases; they can then use that knowledge to access and exfiltrate guest records, or reconfigure the gateway’s networking settings to unwittingly redirect guests to malicious webpages.

CONTINUE READING →

Published on:

14 June 2021

See how JMBM’s Global Hospitality Group® can help you.
Click here for the latest articles on Hotel Management Agreements.

After over a year of uncertainty and economic upheaval, the hospitality industry is quickly beginning to recover from the effects of the coronavirus. As hotels welcome an increased number of visitors, many owners are considering how to improve the management of their properties. One of the best ways to do this is to have a good management agreement in place. In the article below, my colleague Bob Braun suggests some key things to keep in mind when drafting a new agreement.

Hotel Lawyer: 5 Tips for your next Hotel Management Agreement (HMA)

by Bob Braun, Hotel Lawyer

Is it time to re-think your management agreement?

As the hospitality industry moves toward recovery, many hotel owners are re-evaluating the management of their properties. A good manager can bring great value to a property; a poor manager can reduce its value. Some studies have concluded that a good management agreement – one that provides for meaningful accountability, transparency and performance – can add or subtract 50% to the value of a hotel. The next normal will likely require rethinking how to maximize the efficiency and effectiveness of operations, rather than simply riding post-recession boom, and to plan for the future, not just hearken back to the past.

The Global Hospitality Group® at Jeffer Mangels Butler & Mitchell LLP has been negotiating, re-negotiating, litigating, arbitrating and advising clients for more than 30 years on more than 2,500 hotel management and franchise agreements. Our experience extends to virtually every brand and every significant independent manager, as well as many less well-known players. Based on that experience, we thought it would be helpful to provide a few tips that owners should bear in mind when considering the hotel management agreement. CONTINUE READING →

Published on:

28 April 2021

See how JMBM’s Global Hospitality Group® can help you.
Click here for the latest articles on Hotel Franchise & License Agreements.

After a year of economic upheaval in the hospitality industry, hotels are making big changes as they look ahead to recovery. Oftentimes these changes involve a complete rebrand, and this leads to questions about what is negotiable in a franchise agreement. In the article below, Bob Braun, senior member of JMBM’s Global Hospitality Group® and Co-Chair of the Firm’s Cybersecurity & Privacy Group, talks about 5 important franchise terms that can usually be negotiated.

Hotel Franchise Lawyer: 5 Things to Negotiate
in your next Franchise Agreement

by Bob Braun

To say that the past year has been a shock to the hospitality industry is a gross understatement. While many believe that a recovery is in sight – even if requires high-powered binoculars to see – most properties are being forced to re-evaluate their status and prospects. Many hotel owners – and brands – are re-evaluating whether a current brand is the right brand. While many hotels did well simply because of the surging economy during the long post-recession boom, the new normal, whatever it may be, requires that hotel owners, operators and brands rethink whether what was right in 2019 is right in 2021 (and will be right for the next ten years).

As a result, many hotels are changing their brands and management. This may be the impact of lenders foreclosing on properties, changes in ownership, and increasingly, the mutual agreement of a brand and a hotel owner that the brand may not be the optimal operator, or the brand may not be the optimal brand for the property.

During this time of change, it’s important to reacquaint ourselves with some of the basics of hotel franchising.

What’s really negotiable in a franchise agreement?

The most common question we hear from clients is, “What’s really negotiable in a franchise agreement?” While brands take the position franchise agreements are not negotiable, our experience with hundreds of hotel franchise agreements is that there knows that there is wiggle room to get some important concessions if you know what to go for and don’t waste your effort where it won’t do any good. CONTINUE READING →

Published on:

5 April 2021

See how JMBM’s Global Hospitality Group® can help you.
Click here for the latest articles on Buying and Selling a Hotel and here for the latest articles on Hotel Franchise & License Agreements.

Bob Braun recently wrote an article for Today’s Hotelier on the issues hotel owners should watch for when selling a property with a franchise agreement. He explores when sellers should start speaking to their franchisor during the sale process, what purchasers can expect when negotiating a new franchise agreement, how guarantees should be handled in a sale or transfer, and several other concerns that may arise when a branded hotel is sold.

On negotiating a franchise agreement, Bob notes:

“Franchise agreements are intentionally designed to be highly favorable to the brand, and brands are unwilling to make changes. That position is even more pronounced in a change of ownership…A purchaser should be aware that, absent special circumstances, brands rarely provide an area of protection to avoid competition, a ramp-up of fees, or other variations from their forms.”

Click here to read the full article. CONTINUE READING →

Published on:

10 November 2020

See how JMBM’s Global Hospitality Group® can help you.
Click here for the latest articles on Data Technology, Privacy & Security.

On November 3rd, Californians voted to approve Proposition 24 which amends the California Consumer Privacy Act to include expanded consumer rights and greater privacy protections.

The California Privacy Rights and Enforcement Act – which also establishes an enforcement agency to guarantee strict compliance – places additional obligations on businesses to ensure that consumer data is transparent and secure. Given the scope of the Act and the short timeframe for compliance, hotels should immediately start looking at their data profiles and security to avoid running afoul of the new rules.

Bob Braun, senior member of JMBM’s Global Hospitality Group® and Co-Chair of the Firm’s Cybersecurity & Privacy Group, explains the major provisions of the Act and discusses the challenges hotels face as they look to address its requirements.

New Challenges for Hotels:
The New California Privacy Rights and Enforcement Act of 2020
by
Bob Braun, Hotel Lawyer

Many races and initiatives that California voters considered on November 3 are still undecided, but Proposition 24, the California Privacy Rights Act of 2020 (the “CPRA”) isn’t one of them.  The California electorate approved Proposition 24 by a comfortable margin – 56% of Californians voted in favor.

Like its predecessor the California Consumer Privacy Act of 2018 (the “CCPA”), the impact of the CPRA won’t be felt immediately.  It goes into effect on January 1, 2023, and many of its provisions are unclear and will require study.  But hotel companies with a presence in California will need to consider its requirements, and given the scope of the law, addressing its requirements early will be essential.

New Sheriff in Town

Perhaps the most significant development in the CPRA is the establishment of a new agency, the California Privacy Protection Agency, dedicated to handling enforcement and compliance with privacy regulations.  This makes California the first state with an agency focused solely on enforcing privacy laws.  This new agency will replace the California Attorney General in interpreting and enforcing the CCPA.  The ultimate impact of the agency will develop as its members are selected and interpret its mandate, but it is clear from the CPRA that it has broad authority to bring civil and criminal actions.

Select Key Provisions

The CPRA is an extension and modification of the CCPA.  It adds a number of new definitions and provisions that, in some cases, extend the scope of the CCPA and, in other cases, clarify the requirements of the CCPA.  The result is that hotel companies that already comply with the CCPA will need to revisit their policies and procedures to ensure compliance with the CPRA, and any firms that have not yet considered CCPA compliance have a steep learning curve.  Key provisions include: CONTINUE READING →

Published on:

23 October 2020

See how JMBM’s Global Hospitality Group® can help you.
Click here for the latest articles on Hotel Management Agreements and Hotel Franchise & License Agreements, and download our HMA & Franchise Agreement Handbook (3rd ed).

One of the biggest mistakes owners and developers continue to make is negotiating a “nonbinding” term sheet on various hotel arrangements, such as hotel franchise and hotel management agreements. This can be a costly misstep for the reasons Bob Braun points out in this article on a classic but perennial problem.

First Things First – The Letter of Intent in Hotel Agreements
by
Bob Braun, Hotel Lawyer

Love at First Sight?

How hotel developers and owners, on one hand, and hotel brands, on the other, meet and agree to brand a hotel or resort property is a complicated process. Sometimes developers or owners seek out a brand, and sometimes a brand will approach a potential owner. Either way, the developer/owner meets with a development executive from the brand, and the two parties see if they have enough in common to talk seriously about a long-term relationship. During those early stages, each is trying to demonstrate its resources, seriousness, and commitment to a long-term relationship of 20 years or more. They trade pro forma financials, introduce key personnel, and in pre-Covid days, wine and dine each other. Brands will research the background and business history of their potential franchisee, and owners will seek out other owners for references and their real-life experiences. Owners will study the performance of brands throughout the world, especially where the project is in a foreign locale. The process resembles a mating dance: owners are courting brands, and brands are courting owners. And most typically, owners declare the seriousness of their intentions with an application fee – a very large application fee.

At that point, the brand and owner negotiate and enter into a non-binding letter of intent. The letter of intent makes it clear – the terms in the letter are nothing more than a good faith statement of the desire to move forward and discuss the details. Owners negotiate the basic terms in the letter of intent, and after seeing that the letter is, by its terms, not binding, they sign it, believing that they and the lawyers will have another chance to revisit those issues that might concern them.

Reality Sets In

Unfortunately, brands and managers don’t take that position. They believe that while the letter of intent may state that it is “not binding,” the terms in the letter are not subject to meaningful negotiation once it is signed. More than that, they take the position that if a business or legal term is important to the owner, it must be in the “non-binding” letter of intent; otherwise, the brand will revert to their standard terms and conditions. As becomes painfully clear as the parties negotiate a franchise or management agreement with the brand, there are relatively few points open for negotiation, but if overlooked in the preliminary discussions, it may be impossible to reclaim them no matter how important. CONTINUE READING →

Contact Information