5 January 2013
Click here for the latest articles on Data Technology, Privacy & Security.
Hotel Lawyer on how new privacy law enforcement may affect your mobile apps used in marketing. Hotel lawyer Robert Braun has an alert that may save you an unnecessary class action or troublesome lawsuit (or enforcement action). Although, the California Attorney General has started the furor, the impact of this approach will affect any company who deals with even one consumer in the state of California, and thus is likely to affect most of the hospitality industry in the United States, and many companies outside the US.
Here is what it is all about.
Privacy on the Move
California Imposes New Requirements
on Mobile Apps
Robert E. Braun | Hotel Lawyer
Hotel companies are actively entering the mobile application space as a means of gaining market share and solidifying guest relations. In addition to online travel agents like HotelsbyMe.com, a number of brands including Omni, Choice and Starwood have developed mobile applications. However, as mobile applications gain popularity, hotel companies should consider how privacy and security laws will impact how they can use those applications.
The California online privacy law
In 2004, California enacted the California Online Privacy Protection Act (“CalOPPA”). This law requires operators of websites and online services to “conspicuously post” privacy policies about the personal information that is collected, how the consumer can access or request changes to personal information, how the operator of the site will notify consumers of changes, and the effective date of the policy.
CalOPPA does not define an “online service” or mention “mobile” or “smartphone” applications, likely due to the fact that in 2004, smartphones and mobile applications were just being developed. However, the California Attorney General considers any service available over the internet or that connects to the internet, including mobile apps, to be an “online service.”
California Attorney General becomes active
National (and international) implications from this California development?
While California is the only jurisdiction to have applied its (9 year old) privacy law to mobile applications to date, California is widely regarded as a leader in consumer privacy, and many states look to California for guidance. If California did this by administrative interpretation, so could a lot of other states.
In any event, CalOPPA will have a broad reach, because it applies to:
“… [any] operator of a commercial website or online service that collects personally identifiable information through the Internet about individual consumers residing in California who use or visit its commercial website or online service….”
Thus, website or online service operators must comply with CalOPPA if they do business with any California consumers. With the size of California’s population and the importance of its market, the practical effect of CalOPPA will force an overwhelming number of online businesses (including mobile app developers) to comply with it.
Here are some of the ways JMBM helps clients with data security matters
The JMBM Global Hospitality Group® and the JMBM Cybersecurity & Privacy Group work with clients to establish and enforce data security policies, and assists clients when there are breaches. We have helped a variety of clients, including hospitality companies, in developing compliance programs, addressing data breach issues, and negotiating contracts with vendors and providers.
Here are some of the ways we help clients with data security matters:
- Respond to data breaches, including selecting appropriate technology and forensics experts
- Develop and implement data breach response plans and procedures, and related privacy, information security and data retention policies and procedures
- Address statutory and regulatory issues
- Develop effective solutions for protecting and managing information assets and complying with legal requirements, using an approach that will contain costs and maintain operational efficiency
- Advise clients on international privacy laws and rules on their businesses, including the U.S.–E.U. Safe Harbor Program
- Address legal challenges posed by social media and mobile applications
- Negotiate agreements for technologies and services to implement information management systems
- Conduct internal investigations, particularly those involving sensitive electronically stored information
- Assist companies in developing appropriate governance tools to the board of directors and executive management levels to address cyber risk
Click here for more information, including specific examples of projects undertaken for representative clients.
Other information about cybersecurity issues
If this article was of interest, you may also wish to read other articles on “Data Technology, Privacy & Security,” which include the following articles:
What every hotel owner (and operator) needs to know about “data security” after the Wyndham case
What the Target data security breaches mean for hoteliers
Cyber Security Alert: How to protect your proprietary information from employees
Hotel Lawyer Privacy Alert: Do your hotel mobile apps comply with new interpretations of online privacy rules?
Hotel Liability for Guest Information — What you need to know and how to avoid liability.
Losing the expectation of privacy bit by bit, byte by byte.
Dodd-Frank Act presents Hotels with decisions on credit and debit card charges.
Bob Braun is a Senior Member of JMBM’s Global Hospitality Group® and is Co-Chair of the Firm’s Cybersecurity & Privacy Group. Bob has more than 20 years experience in representing hotel owners and developers in their contracts, relationships and disputes with hotel managers, licensors, franchisors and brands, and has negotiated hundreds of hotel management and franchise agreements. His practice includes experience with virtually every significant hotel brand and manager.
Bob also advises clients on condo hotel securities issues and many transactional matters, including entity formation, financing, and joint ventures, and works with companies on their data technology, privacy and security matters. These include software licensing, cloud computing, e-commerce, data processing and outsourcing agreements for the hospitality industry.
In addition, Bob is a frequent lecturer as an expert in technology, privacy and data security issues, and is one of only two attorneys in the 2015 listing of SuperLawyers to be recognized for expertise in Information Technology. Bob is on the Advisory Board of the Information Systems Security Association, Los Angeles chapter, and a member of the International Association of Privacy Professionals. Contact Bob Braun at 310.785.5331 or firstname.lastname@example.org.
This is Jim Butler, author of www.HotelLawBlog.com and hotel lawyer, signing off. Why don’t you give us a call (or send an email) and let us know what you working on. We would like to see if our experience might help you create value or avoid unnecessary pitfalls. Who’s your hotel lawyer?
Our Perspective. We represent hotel owners, developers and investors. We have helped our clients find business and legal solutions for more than $87 billion of hotel transactions, involving more than 3,900 properties all over the world. We bring this experience to any hotel project — big or small. Let’s explore how it might work for you. For more information, please contact Jim Butler at email@example.com or +1 (310) 201-3526.
Jim Butler is a founding partner of JMBM, and Chairman of its Global Hospitality Group® and Chinese Investment Group®. Jim is one of the top hospitality attorneys in the world. GOOGLE “hotel lawyer” and you will see why. Jim and his team are more than “just” great hotel lawyers. They are also hospitality consultants and business advisors. They are deal makers. They can help find the right operator or capital provider. They know who to call and how to reach them.