Archives

Published on:

16 September 2024

See how JMBM’s Global Hospitality Group® can help you.
Click here for the latest articles on Data Technology, Privacy & Security.

Artificial Intelligence is Checking into your Hotel – Are You Ready?

by Robert Braun, Co-Chair, JMBM Cybersecurity and Privacy Group;
Senior Member, JMBM Global Hospitality Group

Even though artificial intelligence has been a part of our lexicon for more than seventy years, artificial intelligence remains the latest bright shiny thing. Businesses large and small feel compelled to incorporate artificial intelligence into their company descriptions even with a limited understanding of what artificial intelligence is, or how it could help their business. Hotels and hotel companies are no different; just take a look at the online newsletters and announcements hitting your mailbox; it’s a rare day that a hotel company doesn’t announce that it is incorporating artificial intelligence into their business, whether to increase guest satisfaction, offer new services, improve reservations, or any of a variety of reasons.

While artificial intelligence can clearly help, jumping on the AI bandwagon can have unintended consequences.

What is Artificial Intelligence?

Most of us have an imperfect concept of artificial intelligence: we think that the title is descriptive of the product. However, artificial intelligence is not necessarily what it sounds like. IBM defines artificial intelligence as “technology that enables computers and machines to simulate human learning, comprehension, problem solving, decision making, creativity and autonomy.” But what most people think of as artificial intelligence is generative AI, technology that can create original text, images, video, and other content without human intervention.

Underlying this is a hard fact: artificial intelligence is highly technical and very difficult. As an expert in the field, Joseph Greenfield of Maryman and Associates told me, “To understand artificial intelligence, you understand neural networks.” I don’t understand neural networks – do you?

What are the risks of Artificial Intelligence?

Some of the risks in artificial intelligence – or, more accurately, AI systems and tools – are well publicized. For example, AI “hallucinations,” occurring when a generative AI tool that creates responses to prompts that have little or no basis in fact, have become legendary. Biased or inaccurate responses are a common issue, and certain AI models have design flaws that can magnify those issues. Additionally, because of the complexity of AI systems, artificial intelligence cannot be treated simply as another form of software – different and more intensive vetting of AI systems are required. CONTINUE READING →

Published on:

3 May 2024

See how JMBM’s Global Hospitality Group® can help you.
Click here for the latest articles on Data Technology, Privacy & Security.

The American Privacy Rights Act – What Does it Mean for Hotel Companies?

by Robert Braun, Co-Chair, JMBM Cybersecurity and Privacy Group;
Senior Member, JMBM Global Hospitality Group

On April 7, 2024, the United States House Committee on Energy and Commerce released the American Privacy Rights Act (APRA). While every Congress for more than a decade has introduced multiple proposals to address privacy rights on a national scale, none have gained traction, and while there’s every reason to suspect that the APRA will meet the same fate – headwinds are coming from the states that have already adopted comprehensive privacy statutes, and it is notoriously difficult to adopt legislation in an election year, and especially now), the APRA is being taken seriously, and might be the basis for a long-awaited, and long-needed, national privacy law.

What Makes the APRA Important?

The most important feature of the APRA is that it would replace the patchwork of individual state privacy statutes — adopted by sixteen (at last count) states, with more on the way. The laws share many common elements, but are not uniform; in a world where state borders mean less and less for consumer transactions, complying with each law is challenging. While there would remain room for states to adopt some unique laws, the APRA could significantly reduce the cost of compliance.

The APRA would also make the United States more consistent with jurisdictions throughout the world. Beyond state laws, there are many privacy laws, like the General Data Protection Regulation in the European Union (and similar laws in the United Kingdom and Switzerland), Canada, and other key trading partners. Citizens in these jurisdictions expect to have the same kind of data protection they have in their home countries, and adopting a comprehensive federal law would facilitate trade. CONTINUE READING →

Published on:

21 February 2024

See how JMBM’s Global Hospitality Group® can help you.
Click here for the latest articles on Hotel Management Agreements and Hotel Franchise & License Agreements.

To Brand or Not to Brand

by Robert Braun, Co-Chair, JMBM Cybersecurity and Privacy Group;
Senior Member, JMBM Global Hospitality Group

While some companies in some industries have a tendency to consolidate and eliminate brands, the hotel industry is different. Most of the leading hotel companies with brands, such as Marriott, Hilton, IHG, Hyatt, and Accor, regularly acquire or create new brands or flags. Today, Marriott has 30 flags, Hilton has 22, IHG has 14, Hyatt has 29, and Accor has 40, and that’s just the tip of the iceberg. With so many flags to choose from, it’s easy to overlook another choice – no brand at all. While picking a brand is an obvious choice, the possibility that operating a hotel without a brand may be the better choice.

Why Choose an Existing Brand?

The major brands provide a number of benefits to hotel owners. A few of them are:

Name Recognition.

Perhaps the biggest benefit of branding a hotel is name recognition, and brands work to maximize that benefit. Hotel companies spend time and effort to make sure the traveling public recognizes the flag, and this makes it easier to choose the hotel when others might be available. Their use of traditional advertising, social media, spokespersons and other techniques are well-honed and effective. Most importantly, a hotel guest that has a positive experience at one property will assume – not always correctly – that the experience will be the same at other properties.

Brand Standards

Brand recognition is part of brand standards, and brand standards can be a benefit to owners as well. Even as they represent costs of compliance, they help create uniformity among different flags, and reinforce the traveling public’s interest in specific hotel flags.

Reservation Systems.

Hotel companies invest in reservation systems that make booking a hotel simple, and are designed to maximize a traveler’s likelihood of actually booking a room, not just visiting a site.

Loyalty Programs.

While loyalty programs can be a financial burden for hotel owners, they are a draw for hotel guests and increase occupancy. Travelers are enticed by earning awards for travel, and even if the hotel does not recoup the advertised or actual daily rate, other expenditures – food and beverage, onsite services and the like – can provide additional financial benefits.

Support

When things go wrong, hotel brands can be a source of support. They can provide trouble-shooting expertise, and for brand manages, can provide a deep bench of experienced hotel workers. CONTINUE READING →

Published on:

28 July 2023

See how JMBM’s Global Hospitality Group® can help you.
Click here for the latest articles on Data Technology, Privacy & Security.

This month, the Securities and Exchange Commission (SEC) announced new rules requiring companies who experience a cybersecurity attack to publicly disclose the impact of the attack within four days. Hotel companies whose securities are registered with the SEC should take note of these regulations and develop a robust incident response plan.

Bob Braun, senior member of JMBM’s Global Hospitality Group® and Co-Chair of the Firm’s Cybersecurity & Privacy Group, outlines the new regulations below.

Time is Short – Reporting your Data Breach
by Bob Braun, Hotel Lawyer

 

Over the past years, hotel companies – including brands, managers and owners – have increasingly sought the benefit of access to public markets and, in doing so, have become subject to the registration and disclosure requirements of the United States Securities Act and Securities Exchange Act. In doing so, these companies need to comply with a broad variety of detailed regulations addressing their disclosure and reporting obligations. The Securities Exchange Commission recently adopted regulations which will have an impact on publicly traded hotel companies that suffer a data breach.

Breach Notifications for the Past 20 Years. Ever since California became the first state to require companies to notify their customers of data breaches in 2003, the time between the date a breach was discovered and the time the breach was reported has been an issue of contention. Early reporting gives consumers a leg up in protecting their personal information, and lets investors, vendors and customers of companies know if key business information has been compromised. At the same time, companies want as much time as possible to investigate a breach, understand what happened, and provide accurate information – companies that give early notice often have to give multiple notices as more information becomes available, and may even find that the original notice wasn’t necessary. Regardless, lawsuits against companies that have suffered data breaches almost universally point to the gap in time between the discovery and notification of a breach. CONTINUE READING →

Published on:

21 March 2023

See how JMBM’s Global Hospitality Group® can help you.
Click here for the latest articles on Data Technology, Privacy & Security.

Data privacy and security continue to be significant issues for hotel owners, operators, brands, and managers, representing the potential for both financial and reputational impacts. One important piece of the puzzle is which of the many entities involved in a hotel property is responsible for collecting, sharing, using and storing the personal data of guests and employees.  Bob Braun, senior member of JMBM’s Global Hospitality Group® and Co-Chair of the Firm’s Cybersecurity & Privacy Group, gives an overview of current considerations.

 

 

Data Security and Privacy in Hospitality – Who’s Paying the Bill?
by Robert Braun, Co-Chair, JMBM Cybersecurity and Privacy Group;
Senior Member, JMBM Global Hospitality Group

 

One of the most valuable assets of a hotel brand is information – detailed personal information about guests at their hotels, participants in their loyalty programs, and visitors to their websites. This information allows hotel brands to focus on creating guest loyalty, acquiring potential guests, engaging in effective marketing, expanding market share, and creating properties and services that entice and satisfy hotel guests. Because of this, hotel brands have long contended that they “own” hotel guest data and have unencumbered rights to use it, without respect to the interests of hotel owners and even the guests themselves.

While this attitude may have been correct in the past, the world is changing. The EU’s General Data Protection Regulation, the California Consumer Protection Act, the California Privacy Rights Act, and similar laws throughout the United States and the world have turned this idea on its head. Anyone who collects personal data can do so only with the permission of the individual consumer; brands don’t own the personal information of guests, the guests do, and they are the ones who give the operator, brand or owner the right to collect and use it – and they can limit or revoke that right. CONTINUE READING →

Published on:

23 January 2023

See how JMBM’s Global Hospitality Group® can help you.

The Global Hospitality Group® of Jeffer Mangels Butler & Mitchell LLP (JMBM) is pleased to announce publication of the 5th edition of The HMA & Franchise Agreement Handbook, a guide for hotel owners, developers, investors and operators considering a hotel management agreement (HMA) or franchise agreement, or dealing with the challenges of termination of one.

Co-authored by JMBM’s Global Hospitality Group® Chairman, Jim Butler, senior Group member Robert E. Braun and Mark S. Adams, the 5th edition of The Handbook includes an updated section on why long-term management and franchise agreements may now be terminable, with all-new material exploring historic changes to Maryland law that may affect these contracts on hotels across the country.

The new edition features commentary from two faculty members at Cornell University’s Nolan School of Hotel Administration; an overview by Chekitan S. Dev, the Singapore Tourism Distinguished Professor, and a Foreword by Jan A. deRoos, HVS Professor of Hotel Finance and Real Estate Emeritus. “The authors’ objective of providing the keys for ‘breaking the code’ to HMAs and franchise agreements is fully realized,” writes deRoos. “The work is revised and updated with an understanding that the great questions never change, but the answers do.” CONTINUE READING →

Published on:

25 October 2022

See how JMBM’s Global Hospitality Group® can help you.
Click here for the latest articles on Data Technology, Privacy & Security.

In addition to protecting the personal information of guests in compliance with the EU’s General Data Protection Regulation and California’s Consumer Privacy Act, hotel operators and owners need to extend the same protections and rights to their employees and the information collected from them. Bob Braun, a senior member of the Global Hospitality Group and Co-Chair of JMBM’s Cybersecurity & Privacy Group outlines hotel employer obligations in the article below, along with suggested next steps.

 

Hotels, Hotel Owners and Employee Personal Information
by Bob Braun, Hotel Lawyer

 

Hotel operators and owners have long been focused on the privacy of the personal information they collect from guests – because of the global nature of the hospitality business, hotel brands have focused on complying with the European Union’s General Data Protection Regulation (GDPR), and beginning in 2018, the Consumer Privacy Act (CCPA), the first comprehensive law designed to protect the privacy of consumers’ personal information. Businesses that are subject to the GDPR and the CCPA are required, among other things, to respond to consumers who wish to view the personal information collected by the business, delete personal information, and opt-out of the sale of personal information; these obligations expanded in 2020 when California voters approved the California Privacy Rights Act of 2020 (CPRA).

Employee and Business Personal Information

While the CCPA is aimed at protecting consumers’ personal information, the terms of the law extend to the personal information of employees and business contacts. While the California legislature initially exempted employment information and “business to business” (B2B) personal information from many of the provisions of the CCPA until January 1, 2021, which was extended in the CPRA to January 1, 2023.

The Exemption and its Demise

While most observers believed that the California legislature would extend the exemptions of employee and B2B personal information, when the California Legislature adjourned on August 31, 2022, it did so without adopting an extension. As a result, it is a certainty that full consumer rights will apply to personal information obtained from employees or because of a B2B relationship.

Because hotel owners and operators are familiar with the requirements of the CCPA and the GDPR, the expiration of the exemption will be challenging. Owners and operators will need to adapt their policies to employee and B2B personal information. However, there are many hotel owners that have little or no contact with guests and have left compliance to hotel operators. These firms will be particularly impacted by the significant disclosure, policy and procedure issues that need to be addressed by the end of 2022.

This is especially the case for hotel owners that act as the employer of hotel personnel, but will extend to all hotel owners with employees, whether engaged at a hotel or not, since employers are obligated to collect vast amounts of personal information, including sensitive personal details (such as financial, health and intimate personal characteristics) to conduct businesses. These owners will need to address the information they collect, where it is held, who has access to it and how it is used. Moreover, hotel owners and operators will need to determine how consumer rights apply to employee and B2B personal information, and prepare to provide employees and B2B contacts with CCPA rights, including the right to know what personal information is collected, the right to delete personal information, the right to opt out of the sale or sharing of personal information, the right to limit use and disclosure of sensitive personal information, and the protection against retaliation following the exercise of opt-out or other rights. CONTINUE READING →

Published on:

8 March 2022

See how JMBM’s Global Hospitality Group® can help you.
Click here for the latest articles on Data Technology, Privacy & Security.

The rules around data privacy and cybersecurity are constantly evolving. In order to protect themselves from liability, hotel owners should pay attention to ongoing legal developments and learn more about their own data infrastructure.

Bob Braun, senior member of JMBM’s Global Hospitality Group® and Co-Chair of the Firm’s Cybersecurity & Privacy Group, explains why hotels need to understand exactly what data they hold, where it is stored and who has access to it.

Facing the Knowledge Gap: Why Hotels Need “Visibility” to
Avoid Data Privacy Liability

by
Bob Braun, Hotel Lawyer

Addressing privacy compliance and cybersecurity is becoming more and more challenging for companies. At least 26 states are considering various kinds of data privacy laws. At the same time the rate, depth, and impact of ransomware, wiperware and data breaches has become more intense and more expensive, and there is no indication that the trend will end soon.  Hotel companies, as holders of significant amounts of personal information and highly dependent on computer networks for daily operations, are particularly at risk in this environment.

A hotel company that seeks to comply with privacy mandates, and to prepare for and defend against a data breach, requires knowledge – it requires visibility.

What does that mean? To achieve visibility, a hotel brand, manager or owner needs to increase its knowledge of key elements of its data infrastructure:

See Your Network

Most hotel executives, other than chief technology officers and chief financial officers, have little knowledge of their network. But understanding what data is stored on the network, how the various parts of the network interact, and who has access to the network (and what kind) is essential to evaluating risks, complying with privacy laws, and preparing and defending against attacks. This means not only knowing what is supposed to be on the network, but the “silent” nodes as well – things like unused servers and the devices that attach to the network, such as personal laptops, smart phones and tablets.  As hotels become increasingly automated – by relying on smartphones to substitute for keys and allowing touchless registration – being able to see the full scope of the network is challenging but essential. CONTINUE READING →

Published on:

29 December 2021

See how JMBM’s Global Hospitality Group® can help you.
Click here for the latest articles on Data Technology, Privacy & Security.

As hotels find new ways to use technology to attract guests and enhance their properties, they need to remain aware of the security challenges these technologies present.

Bob Braun, senior member of JMBM’s Global Hospitality Group® and Co-Chair of the Firm’s Cybersecurity & Privacy Group, explains three basic issues for 2022 that all hotel owners need to be aware of to ensure their business and guest information remains secure.

Security Challenges in the Hotel Industry
by
Bob Braun, Hotel Lawyer

Like virtually all industries, the hotel industry continues to be challenged by cybersecurity concerns. As we approach 2022, hotel owners and operators need to address some basic issues that impact the security of their systems and their guests.

  • Wi-Fi. Providing wireless internet to guests has become a “must-do” for hotels – it’s not too much of an overstatement to say that a potential guest won’t stay at a hotel that doesn’t provide free Wi-Fi. But hotel Wi-Fi systems, particularly those in public areas, have long been a soft underbelly of cybersecurity. In the past 10 days, TechCrunch+ reported that “an internet gateway used by hundreds of hotels to offer and manage their guest Wi-Fi networks has vulnerabilities that could put the personal information of their guests at risk.” The system uses hardcoded passwords that are easy to guess and allow an attacker to gain remote access to the gateway’s settings and databases; they can then use that knowledge to access and exfiltrate guest records, or reconfigure the gateway’s networking settings to unwittingly redirect guests to malicious webpages.

CONTINUE READING →

Published on:

14 June 2021

See how JMBM’s Global Hospitality Group® can help you.
Click here for the latest articles on Hotel Management Agreements.

After over a year of uncertainty and economic upheaval, the hospitality industry is quickly beginning to recover from the effects of the coronavirus. As hotels welcome an increased number of visitors, many owners are considering how to improve the management of their properties. One of the best ways to do this is to have a good management agreement in place. In the article below, my colleague Bob Braun suggests some key things to keep in mind when drafting a new agreement.

Hotel Lawyer: 5 Tips for your next Hotel Management Agreement (HMA)

by Bob Braun, Hotel Lawyer

Is it time to re-think your management agreement?

As the hospitality industry moves toward recovery, many hotel owners are re-evaluating the management of their properties. A good manager can bring great value to a property; a poor manager can reduce its value. Some studies have concluded that a good management agreement – one that provides for meaningful accountability, transparency and performance – can add or subtract 50% to the value of a hotel. The next normal will likely require rethinking how to maximize the efficiency and effectiveness of operations, rather than simply riding post-recession boom, and to plan for the future, not just hearken back to the past.

The Global Hospitality Group® at Jeffer Mangels Butler & Mitchell LLP has been negotiating, re-negotiating, litigating, arbitrating and advising clients for more than 30 years on more than 2,500 hotel management and franchise agreements. Our experience extends to virtually every brand and every significant independent manager, as well as many less well-known players. Based on that experience, we thought it would be helpful to provide a few tips that owners should bear in mind when considering the hotel management agreement. CONTINUE READING →

Contact Information