Category Archives: Liability

Tech experts clarify ins and outs of door lock security

Hotel guestroom door locks and keycard systems that are connected to the internet pose security risks, technology experts say, but there’s also some widespread misconception about the nature of those risks.

hotel door key lock

The physical and digital security of hotel guestroom door locks has been a hot topic in the news lately, with the sometimes-sensationalized story of a hacker who extracted a ransom for a hotel’s keycard system.

For some clarity on the issue, Hotel News Now reached out to tech experts who explained what can and can’t happen with electronic door locks, what is vulnerable and how hoteliers can protect their properties and their guests from hackers.

Improved security
Guestroom door locks were traditionally treated as a piece of equipment maintained by a maintenance/building facilities engineer, said Armand Rabinowitz, senior director of strategy and workgroups at Hotel Technology Next Generation. This employee didn’t tend to be well-versed in technology unless they happened to be so for another reason, he said.

“That has changed as the position has become increasingly more technical,” he said. “Ten years ago, electronic locks didn’t need to be, nor were (they) connected to the internet.”

Locks were connected to an encoder or local serial connection, he said, which is a basic protocol that doesn’t travel across internet-connected devices. The physical protocol became outdated as hotels moved to IP-based connections, he said, which requires hoteliers to be careful in how they implement the system.

Everything at Greenwood Hospitality’s properties is on a guarded back-office, closed network, said Paul Wood, VP of revenue generation. The network is scanned for malware and viruses, he said. Locks are sequenced with encoders, he said, and this is a safe process as long as hotels have the system set up correctly.

The code connects the guest key with the lock, he said. Once it hits checkout time, the sequence says it’s time, and the keycard access shuts off.

“From a safety factor/feature perspective, it’s been this way more than 20 years,” he said. “The industry has it down pat.”

Systems today have a long history in the industry, Rabinowitz said, and they’re widely adopted in the world. In most cases, the communication protocols between online door locks are so limited that to transmit a code that would constitute a virus is challenging, if not impossible, he said.

“There would have to be a physical compromise to the point of replacing parts, rendering it unusual by the existing system,” he said.

Training and policies
Hotel managers should treat a door lock system like any other valuable IT asset, Rabinowitz said. That means ensuring all implementation security standards have been put in place for both physical and remote access, he said. There also should be an update process to ensure the system is running on the latest software, he said, and antivirus and security software must be installed on all machines that touch or run any of the lock system-based software.

Click here to read more about Hotel News Now Tech Impact Report Article


Comments Off on Tech experts clarify ins and outs of door lock security

Filed under Hotel Industry, Hotel Security, Liability, Risk Management, Technology, Theft

High Wind Warning in Southwestern California


A strong Pacific storm system will move across Southern California today through Saturday. Winds will increase and become very strong towards midday. The strongest winds and biggest potential for damaging wind gusts between 2 PM and Midnight. More info on the storm from Google Alert

Does your hotel have an emergency response plan in place? Does your staff know how to respond to severe weather emergencies? This short video will cover proper steps to prepare your staff on how to respond to these type of emergencies.

Petra, Severe Weather, Hotels, california


Comments Off on High Wind Warning in Southwestern California

Filed under Business Interruption Insurance, Claims, Flood Insurance, Hotel Industry, Hotel Restaurant, Insurance, Liability, Risk Management, Severe Weather

Hotel Workers Seek New Safety Measures After Freezer Death

Federal regulators and hotel employees are calling for new safety measures after a worker was found dead inside a walk-in freezer at the Westin Peachtree Plaza in downtown Atlanta.

Investigators believe Carolyn Mangham spent about 13 hours at temperatures below minus 10 Fahrenheit. Her frozen body was found after her husband called the hotel to report her missing.

Devices should be placed inside the large freezers so that anyone trapped or injured inside could send an alarm directly to hotel security or emergency services, union leaders say.

Hotel employees also want to carry “panic buttons” to alert others to emergencies.

freezer trapped alarm

“At the end of the day everyone deserves to go home to their families,” said Wanda Brown, who worked with Mangham at the hotel and is president of the Atlanta chapter of the UNITE HERE union.

“We’ve given our demands to the hotel and we are waiting for a response, but we will not stop asking for these things to be done,” Brown said.

The U.S. Occupational Safety and Health Administration is proposing about $12,500 in penalties for a serious safety violation in the death of Mangham, 61, who also went by Carolyn Robinson.

In a Sept. 23 letter, OSHA recommended that the Atlanta hotel voluntarily develop a system of “notification and ongoing communication” for workers entering the walk-in freezers. The agency also recommends the hotel develop a system to periodically check on employees during their shifts.

“The OSHA report is part of an ongoing process and we are planning to contest their findings and recommendations,” Carrie Bloom, a Starwood spokeswoman, said in a statement Wednesday night.

More on the article:

Comments Off on Hotel Workers Seek New Safety Measures After Freezer Death

Filed under Hotel Employees, Hotel Industry, Hotel Restaurant, Liability, OSHA, Risk Management

What’s your data breach response plan?

data breach

While businesses prefer to avoid cyber perpetrators entirely, these days nearly all organizations are at risk of a breach.

As the number of incidents (and claims) continues to rise, the prudent strategy is for firms to not only work diligently to prevent an intrusion, but also to have a plan in place to respond quickly and effectively if they suspect information has been compromised.

A data breach response plan proactively outlines the necessary actions a business must take, providing a framework that can be regularly matched against emerging risks and updated if the firm’s situation changes — for example, if additional staff are added in key data privacy or technology roles or if partnerships are formed that could change the way sensitive information is processed.

Developing a data breach response plan, one that is easy to follow and quick to implement, gives businesses time to prepare the necessary resources and mitigate the damage an exposure can inflict. Leaving key tasks to the last minute, such as scrambling to identify qualified outside legal counsel, is unwise and can significantly impact the timeliness and expense of a breach response. Likewise, pulling the plug on a single server without seeking guidance from an experienced technology expert may not shut down the unauthorized access that caused the exposure, thus leaving the business open to further harm. Worse, it may even erase key information a computer forensics company may need to assist the investigation. Getting the firm’s ducks in a row in advance of any breach is a far more effective cyber mitigation strategy.

One component of many small business breach response plans is accessing the financial and technical support available through a well-structured Cyber Liability insurance policy. Coverage options vary widely, so businesses (or the insurance broker) must carefully examine their needs before crafting a policy. For those firms with lean internal resources and thin financial margins, the right insurance can be a key asset when it comes to implementing a solid breach response plan. Below, three steps that will help organizations mitigate data breach disruptions before they occur.

1. Assemble the team

Who needs to be involved in responding to a breach? Before attempting to pull together more than a cursory list of post-exposure action items, it’s critical that the firm identify those individuals or groups that should be contacted in the event of a potential breach. The team will vary from one business to the next, but most organizations will want to include representatives from the executive group, legal (either internal or an outside consultant), privacy or information security, risk management, information technology, human resources and public relations.

Given the growing reliance on external partners — cloud providers, payroll processors and the like — firms should also consider where vendor touchpoints exist and how or when those third parties will contribute to the breach response process. They may need to be included on the contact list or they may even be responsible for raising the initial alarm if a breach occurs. It’s also important to ensure vendor contracts clearly spell out the company responsible when a breach occurs and who is liable for notifying those impacted. Other vendors are also commonly part of the response team, such as media relations consultants experienced in crisis management and notification firms with the resources necessary to quickly inform breach victims about the situation.

If the business has Cyber Liability coverage, the insurance company should also be part of the breach response plan. There are support services included in many policies that will be helpful in the event of an exposure, ranging from forensic investigation teams to data recovery specialists. To maximize the value of any applicable coverage, firms must be ready to access available features quickly and through the most efficient channels.

Click to read the article

Comments Off on What’s your data breach response plan?

Filed under Crime, Insurance, Liability, Management And Ownership, Risk Management

What the Erin Andrews Lawsuit Means for Hoteliers

erin andrews

A jury’s decision this week to award sportscaster Erin Andrews $55 million in a civil suit against her stalker and the owner and management company of the Nashville hotel in which the man secretly videotaped her will have repercussions for the hotel industry for years to come, sources said.

In 2008, Michael David Barrett recorded Andrews while she was nude through the peephole of her hotel guestroom at the Nashville Marriott at Vanderbilt University. Barrett, who later pleaded guilty to felony stalking in 2009, discovered which room was Andrews’ and reversed the peephole in the door to see inside. The jury in Andrews’ civil suit found Barrett, as well as the owner of the hotel, West End Hotel Partners, and the management company, Windsor Capital Group, to be responsible.

Andrews had originally included Marriott International in her original suit; however, the court in Tennessee found that Marriott had no liability in the case, and dismissed it.

Stephen Barth, a professor of hospitality law at the Conrad N. Hilton College of Hotel and Restaurant Management at the University of Houston and founder of, testified on behalf of the defense during the civil trial. The defendants in this case did what they were supposed to do, Barth said in an interview with HNN, and he believes that because the companies were focused and diligent on their policies, procedures and employee training, it gave the jury members pause during their deliberations.

With the outcome of the case, Barth stressed that just as before, it’s important for hoteliers to have the right policies and procedures in place as well as the proper training for staff to deal with guest privacy issues.

“You need to be able to demonstrate the training that went on, the frequency and outcomes,” Barth said. “How do you evaluate whether the training was effective? Ultimately, you have to be able to demonstrate this in a courtroom.”

Policies, procedures and training

David Samuels, partner at Michelman & Robinson, said one of the issues that jumped out at him in following the trial was whether the management company had the proper policies and procedures in place regarding guest privacy. He said he believes several jury members were bothered by the testimony of some hotel staff who couldn’t recall having those policies. Samuels followed the trial but was not directly involved in it.
At this point, all owners and operators should review how they’re running their properties and whether they have specific written policies and procedures in place.

“They need to have those and effectively train the staff on it,” Samuels said.

Along with having those policies in place, hoteliers should regularly update those policies based on legal developments, such as the Andrews case, according to Sylvia St. Clair, an associate with Faegre Baker Daniels. If there’s any question about whether a policy is in compliance with the law or industry standards, she said, contact legal counsel or the human resources department.

“Then ensure (that) new hires receive that training as well as existing employees,” she said.

If a front-desk associate receives a request for a guest’s private information, such as his or her guestroom number, St. Clair said the associate should know not to give that information out unless he or she is authorized to do so. The associate should know to contact his or her manager or supervisor with questions.

“You want a statement to give to (anyone) requesting information,” St. Clair said. “Make sure employees know if they are receiving these types of requests, and the person requesting is continually asking, they shouldn’t hesitate to get their manager or GM involved.”

After completing the training, St. Clair said, document the training in employees’ files to show they received the latest version of the policy and understand it.

House phone access

During the civil trial, there was a dispute over how Andrews stalker learned which guest room was hers, Samuels said.
Andrews attorneys argued her stalker learned from the front-desk staff, an allegation the associates denied during the trial. Her stalker, Barrett, said in a taped deposition that he figured out Andrews room number by using an internal house phone at the hostess stand in the hotel restaurant.

“Those are only supposed to be used by employees,” Samuels said.

Barrett called the front desk and asked to speak with Andrews, Samuels said, and when the line was connected, Andrews room number appeared on the phone’s LCD screen. Barrett then went to her floor, saw the room next to hers was being turned over and then requested at the front desk to be in that room.

“From a privacy standpoint, from a safety standpoint, hotel guests should never be allowed to use an internal house phone that displays the room number on an LCD screen,” Samuels said.

If guests need a house phone, he said, they should be directed to one without an LCD screen and it should connect to an operator.

Similarly, hotel employees should be aware of who may be looking over their shoulders when using phones that display room numbers, he said.

Red flags

In the plaintiff’s closing argument, Andrews attorneys asked why the front-desk staff was not more critical about someone asking for a specific room, especially one next door to Andrews, according to Christian Stegmaier, a shareholder at Collins & Lacy. Stegmaier followed the case but was not directly involved in it.
That argument might presume too much about Andrews’ fame at the time, he said, as the front-desk associate may not have put two and two together.

“The takeaway from all of that is when you have a prospective guest making very specific requests, like about specific rooms, you need to be critical (of it),” he said.

Asking some gentle questions might allow the associate to learn a little more about the person making the request and why that specific room is so important to them, Stegmaier said.

“From a management perspective, you need to empower your associates to use that kind of critical thinking,” he said. “You want to encourage that.”

That is doubly important when the front-desk staff is aware of any celebrities or dignitaries staying in the hotel, Samuels said. Any requests for a specific room adjacent to such guests should send up a “big, red flag,” he said.

For more:

Comments Off on What the Erin Andrews Lawsuit Means for Hoteliers

Filed under Crime, Employee Practices, Guest Issues, Hotel Employees, Hotel Industry, Liability, Management And Ownership, Privacy, Risk Management, Training

Lawsuit Alert – Hotels Renting to Minors


CH&LA alerted its members last year that legal claims were being asserted against numerous lodging properties for refusing to rent to unaccompanied minors. The person at the center of most of those claims (Jonathan Asselin-Normand) is continuing his long-running campaign against California lodging properties raising such claims.

As CH&LA has repeatedly advised its members, both the California Unruh Civil Rights Act and the Fair Employment and Housing Act prohibit blanket policies denying accommodations to people solely because they are unaccompanied minors.  The minimum damages for violating the Unruh Act is $4,000, plus attorney’s fees.

However, where a minor unaccompanied by an adult seeks accommodations, hotel staff may require a parent or guardian of the minor, or another responsible adult, to assume, in writing, full liability for any and all proper charges and other obligations incurred by the minor for accommodations, food and beverages, and other services provided by or through the innkeeper, as well as for any and all injuries or damage caused by the minor to any person or property. California Code 1865(d)(1).

What Members Should Do ASAP:

  • Review your policies, and if you have a blanket policy against accommodating unaccompanied minors, change that policy to comply with the law.
  • If your policy is on your web site or otherwise in your marketing materials, delete all reference to it.
  • Make sure all staff members know that your hotel does not have a blanket prohibition against accepting unaccompanied minors.  Be sure to constantly remind them of this fact.
  • Check with your third-party booking entities to see what, if anything, they say about your hotel’s policies involving minors and children.  Be sure that they comply with the law.
  • Consider utilizing a written form with a responsible party acknowledging their liability for the minor.  Please click here for a sample.

If you have questions about this, feel free to contact CH&LA’s Member Legal Advisor, Jim Abrams, at

For more information:

Comments Off on Lawsuit Alert – Hotels Renting to Minors

Filed under Hotel Industry, Liability, Management And Ownership, Risk Management

Embassy Suites Let Attacker Into Woman’s Room


A New Jersey woman who was sexually assaulted while staying at the Embassy Suites in downtown Des Moines has filed a lawsuit claiming staff members unwittingly let her attacker into her seventh-floor room.

Cheri Marchionda is suing both Embassy Suites and Hilton Worldwide, as well as Atrium Finance III, the company that owns the Des Moines hotel.

She was staying at the East Village hotel during a business trip when she awoke sometime after midnight on April 11, 2014, to find Christopher Edward LaPointe standing at the foot of her bed and touching her leg.

LaPointe, 31, a New York resident also staying at the hotel, is now serving a 20-year prison sentence at the Iowa Medical and Classification Center after pleading guilty to burglary and sexual abuse charges in December 2014.

In a federal lawsuit on track to go to trial in Des Moines, lawyers from a Pennsylvania firm representing Marchionda wrote that a manager, a desk clerk and a maintenance man all helped LaPointe get into the woman’s room without asking Marchionda whether he had permission to be there.

Though the Des Moines Register does not typically identify sexual assault victims in criminal cases, it does publish plaintiffs’ names in reporting on civil lawsuits. Reached by phone Wednesday, Marchionda’s lawyers said she did not currently want to speak publicly about the case.

“Each defendant owed a special duty of care to her, including a duty to provide for and assure her safety and security while at the hotel,” attorneys Paul Brandes and Michael Hanamirian wrote in the lawsuit. “To not expose her to burglary, assaults or attacks by others … and to not assist others in burglarizing, assaulting or attacking her.”

The negligence lawsuit was filed in a New Jersey federal court district in June, but was moved Tuesday to Iowa after lawyers couldn’t agree on a settlement during nonbinding mediation earlier in December. None of the defendants have filed an answer in court to the lawsuit, though a motion to dismiss over jurisdictional issues was denied by a judge.

The general manager at the Des Moines hotel did not immediately return a reporter’s phone call this week. Maggie Giddens, a public relations director for the hotel chain, said the company could not publicly comment because of the ongoing litigation.

The claims in Marchionda’s lawsuit are similar to those from another that Los Angeles attorney Gloria Allred filed against Embassy Suites and its parent company, Hilton Worldwide, on behalf of a woman who was sexually assaulted while staying at one of their hotels in North Charleston, S.C.

For more:

Comments Off on Embassy Suites Let Attacker Into Woman’s Room

Filed under Crime, Guest Issues, Hotel Industry, Liability, Management And Ownership

7 Tips to Reduce Holiday Party Liability for Employers


With the Thanksgiving weekend behind us, attention turns to celebrating with family, friends — and coworkers at the company holiday party.

A majority of organizations are still planning to hold holiday or end-of-year parties; however, a growing number of employers are cutting back, according to a recent survey from the Society for Human Resource Management. The survey found that almost two-thirds (65%) of human resource professionals said their organizations would host a party for all employees. But 30% of respondents said that no party was planned at their organization, an increase of 13 percentage points from 2012.

How and where will those companies celebrate? A majority — 67% — of respondents said their party would be off site, and 22% said they would close early that day. More than half (59%) said alcohol would be served at the party. Of those planning to serve alcohol, 47% indicated they would regulate alcohol consumption at the event, with 71% using drink tickets or having a drinks maximum.

Employers are concerned about possible repercussions from employees drinking too much, for example:

   • Drunk driving and possible motor vehicle accidents.

   • Workers compensation for falls and other injuries.

   • Discrimination claims, including sexual harassment and religious


   • Injury to third parties.

   • Premises liability.

   • Underage drinking.

In addition to employer-based liability, many organizations are concerned about their “social host” liability as well. In some states, social host liability is limited to people hosting parties at which minors are served alcohol. In other states, employers may be liable for underage drinking at work functions, and there are still other states in which the law is less clear. The safest action is to develop a policy and guidelines, with advice from your legal counsel and input from the human resources department, then distribute that policy to all employees.

For more:

Comments Off on 7 Tips to Reduce Holiday Party Liability for Employers

Filed under Hotel Employees, Hotel Industry, Insurance, Liability, Management And Ownership, Risk Management

Hospitality Industry Legal Update: “Are You Breaking the Law by Recording Calls?”

“Regardless of the content of the call, hoteliers should be ensuring that they are using automatic disclosures—in order to obtain consumer consenthotel-phone—if using an automatic recording system. If an operator becomes the target of one of these consumer privacy class actions, taking an aggressive approach and attacking these claims as incongruent with the legislative purpose and intent behind the respective statute is a recommended.”

In the past few years, class action plaintiffs have recovered billions of dollars in punitive damages by exploiting strict liability laws that punish businesses for failing to properly notify customers when a phone call is being recorded.

Under the Federal Telephone Consumer Protection Act and similar state statutes, businesses including hotels are prohibited from using certain tactics when telemarketing or making calls to solicit potential guests or customers. Hotels and other businesses are precluded from making calls or using any kind of prerecorded message, unless the caller has obtained a recipient’s prior express consent in writing or electronically.

Additionally, hoteliers are prohibited from making calls to residences before 8 a.m. and after 9 p.m., and a future hotel guest calling to confirm a reservation also must be notified if the call is recorded. Hence, under these laws, if a hotel receptionist in Montana receives a call from a California resident to confirm a reservation but never notifies the recipient that the call is being recorded, it could result in damages ranging from $500 to $5,000 per call under federal and state laws.

This seemingly innocuous business practice of recording customer service calls without providing some variation of the oft-heard disclosure, “This call may be monitored or recorded for quality assurance purposes” has the potential to financially cripple a business.

For more:

Comments Off on Hospitality Industry Legal Update: “Are You Breaking the Law by Recording Calls?”

Filed under Crime, Employee Practices, Guest Issues, Hotel Employees, Hotel Industry, Liability, Management And Ownership, Technology, Training

Hospitality Industry Conference Update: “Northern California Hotel & Lodging Conference”

CH&LA and AAHOA have once again partnered to present the annual Northern California Hotel & Lodging Conference.  This year the event is moving back to the DoubleTree San Jose.  Each year this event gathers together over 300 hoteliers who enjoynorcal-button-highres the free educational seminars, updates on industry topics and to attend the trade show.

The show will include the usual abundance of networking opportunities, general session luncheon, and of course the trade show, the largest of its kind in Northern California.  Over 100 vendors will be eager to show off the latest industry products, many who offer special rates and discounts for this conference.  There will also be a reception in the trade show at 4:00 pm, with appetizers, soft drinks, no-host bar and lots of networking.

For more:

Comments Off on Hospitality Industry Conference Update: “Northern California Hotel & Lodging Conference”

Filed under Conferences, Employee Practices, Hotel Industry, Insurance, Liability, Management And Ownership, Risk Management, Social Media, Technology, Training, Workers' Compensation