Category Archives: Privacy

Petra will be at CH&LA’s New Year, New Laws Seminar – Anaheim

If you are near Anaheim, CA, you don’t want to miss CH&LA’s annual seminar on the new laws affecting hoteliers in 2017.
Our very own Todd Seiders, Director of Risk Managment, will be presenting at the seminar.

Register today at CH&LA

Comments Off on Petra will be at CH&LA’s New Year, New Laws Seminar – Anaheim

Filed under ADA, Bed Bugs, Conferences, Employee Practices, Food Illnesses, Guest Issues, Hotel Employees, Hotel Industry, Housekeeping, Human Resources, Legislation, Management And Ownership, OSHA, Pool And Spa, Privacy, Risk Management, Technology

The Ransomware Dilemma: Is Paying Up a Good Idea?

The ongoing fight against ransomware attacks and the cyber criminals perpetuating this menace is more than a full-time job. In a cyber world without boundaries, ransomware has become a worldwide problem where no organization is immune to victimization.

According to some security experts, the first known reports of ransomware attacks took place in Russia in 2005. Over the past 10 years, these attacks have spread to all corners of the globe, successfully targeting hundreds of thousands of business systems and home PCs. And, the effects are mounting: the FBI reported ransomware-driven losses of $18 million over a 15-month period in 2014 and 2015.

The way ransomware works is by making an infected device unusable by locking the screen or system, encrypting its data and then demanding a ransom to unlock and decrypt this data. In some cases, once the user’s PC is infected, the ransomware also displays threatening messages disguised as coming from a law enforcement agency in order to appear credible while intimidating the PC owner. Payment is usually demanded in the form of bitcoins, a virtual currency that is untraceable.


This is apparently what happened at Hollywood Presbyterian Medical Center in California in early February 2016 when it fell victim to malware, which locked the hospital’s computer infrastructure. According to reports, to remain operational and continue providing patient care, the hospital was forced to use “old school” methods including paper records, faxing, and good old-fashioned pen and paper.

In a letter regarding the attack, following a bitcoin payment of $17,000, hospital CEO Allen Stefanek stated “…The quickest and most efficient way to restore our systems and administrative functions was to pay the ransom and obtain the decryption key. In the best interest of restoring normal operations, we did this.”

Click here to read the entire article:

Comments Off on The Ransomware Dilemma: Is Paying Up a Good Idea?

Filed under Business Interruption Insurance, Claims, Crime, Hotel Industry, Insurance, Management And Ownership, Privacy, Technology, Theft

What the Erin Andrews Lawsuit Means for Hoteliers

erin andrews

A jury’s decision this week to award sportscaster Erin Andrews $55 million in a civil suit against her stalker and the owner and management company of the Nashville hotel in which the man secretly videotaped her will have repercussions for the hotel industry for years to come, sources said.

In 2008, Michael David Barrett recorded Andrews while she was nude through the peephole of her hotel guestroom at the Nashville Marriott at Vanderbilt University. Barrett, who later pleaded guilty to felony stalking in 2009, discovered which room was Andrews’ and reversed the peephole in the door to see inside. The jury in Andrews’ civil suit found Barrett, as well as the owner of the hotel, West End Hotel Partners, and the management company, Windsor Capital Group, to be responsible.

Andrews had originally included Marriott International in her original suit; however, the court in Tennessee found that Marriott had no liability in the case, and dismissed it.

Stephen Barth, a professor of hospitality law at the Conrad N. Hilton College of Hotel and Restaurant Management at the University of Houston and founder of, testified on behalf of the defense during the civil trial. The defendants in this case did what they were supposed to do, Barth said in an interview with HNN, and he believes that because the companies were focused and diligent on their policies, procedures and employee training, it gave the jury members pause during their deliberations.

With the outcome of the case, Barth stressed that just as before, it’s important for hoteliers to have the right policies and procedures in place as well as the proper training for staff to deal with guest privacy issues.

“You need to be able to demonstrate the training that went on, the frequency and outcomes,” Barth said. “How do you evaluate whether the training was effective? Ultimately, you have to be able to demonstrate this in a courtroom.”

Policies, procedures and training

David Samuels, partner at Michelman & Robinson, said one of the issues that jumped out at him in following the trial was whether the management company had the proper policies and procedures in place regarding guest privacy. He said he believes several jury members were bothered by the testimony of some hotel staff who couldn’t recall having those policies. Samuels followed the trial but was not directly involved in it.
At this point, all owners and operators should review how they’re running their properties and whether they have specific written policies and procedures in place.

“They need to have those and effectively train the staff on it,” Samuels said.

Along with having those policies in place, hoteliers should regularly update those policies based on legal developments, such as the Andrews case, according to Sylvia St. Clair, an associate with Faegre Baker Daniels. If there’s any question about whether a policy is in compliance with the law or industry standards, she said, contact legal counsel or the human resources department.

“Then ensure (that) new hires receive that training as well as existing employees,” she said.

If a front-desk associate receives a request for a guest’s private information, such as his or her guestroom number, St. Clair said the associate should know not to give that information out unless he or she is authorized to do so. The associate should know to contact his or her manager or supervisor with questions.

“You want a statement to give to (anyone) requesting information,” St. Clair said. “Make sure employees know if they are receiving these types of requests, and the person requesting is continually asking, they shouldn’t hesitate to get their manager or GM involved.”

After completing the training, St. Clair said, document the training in employees’ files to show they received the latest version of the policy and understand it.

House phone access

During the civil trial, there was a dispute over how Andrews stalker learned which guest room was hers, Samuels said.
Andrews attorneys argued her stalker learned from the front-desk staff, an allegation the associates denied during the trial. Her stalker, Barrett, said in a taped deposition that he figured out Andrews room number by using an internal house phone at the hostess stand in the hotel restaurant.

“Those are only supposed to be used by employees,” Samuels said.

Barrett called the front desk and asked to speak with Andrews, Samuels said, and when the line was connected, Andrews room number appeared on the phone’s LCD screen. Barrett then went to her floor, saw the room next to hers was being turned over and then requested at the front desk to be in that room.

“From a privacy standpoint, from a safety standpoint, hotel guests should never be allowed to use an internal house phone that displays the room number on an LCD screen,” Samuels said.

If guests need a house phone, he said, they should be directed to one without an LCD screen and it should connect to an operator.

Similarly, hotel employees should be aware of who may be looking over their shoulders when using phones that display room numbers, he said.

Red flags

In the plaintiff’s closing argument, Andrews attorneys asked why the front-desk staff was not more critical about someone asking for a specific room, especially one next door to Andrews, according to Christian Stegmaier, a shareholder at Collins & Lacy. Stegmaier followed the case but was not directly involved in it.
That argument might presume too much about Andrews’ fame at the time, he said, as the front-desk associate may not have put two and two together.

“The takeaway from all of that is when you have a prospective guest making very specific requests, like about specific rooms, you need to be critical (of it),” he said.

Asking some gentle questions might allow the associate to learn a little more about the person making the request and why that specific room is so important to them, Stegmaier said.

“From a management perspective, you need to empower your associates to use that kind of critical thinking,” he said. “You want to encourage that.”

That is doubly important when the front-desk staff is aware of any celebrities or dignitaries staying in the hotel, Samuels said. Any requests for a specific room adjacent to such guests should send up a “big, red flag,” he said.

For more:

Comments Off on What the Erin Andrews Lawsuit Means for Hoteliers

Filed under Crime, Employee Practices, Guest Issues, Hotel Employees, Hotel Industry, Liability, Management And Ownership, Privacy, Risk Management, Training

Hospitality Industry Management Update: “What You Should Know Before Monitoring Your Employees and Guests”

There are many legitimate reasons for an employer to monitor spaces at the workplace, in fact, the law might require the employer to do so in some situations.monitoring employees However, surveillance is a sensitive subject and employers have good reason to be cautious. As always, employers should consult competent legal counsel before implementing any workplace surveillance program.

Employees can make or break businesses in the service industry. While customer service oriented employees create a luxurious experience at a lesser establishment, employees that don’t prioritize customer service can ruin a guest’s experience even at the most finely-appointed hotel.

However, managers and supervisors cannot always be present to recognize and reward desirable service practices, nor can they always be present identify and correct poor practices. With so many points of customer and employee interaction, surveillance is one of the most effective methods to safeguard employee safety and integrity, review employee performance, identify training points, and document “HR issues.” Of course, too much of a good thing can be a problem.

Employers must understand the difference between valid surveillance and illegal intrusions on privacy rights before taking advantage of video/audio recordings. This article aims to help employers stay on the right side of that fence.

For more:

Comments Off on Hospitality Industry Management Update: “What You Should Know Before Monitoring Your Employees and Guests”

Filed under Hotel Employees, Hotel Industry, Management And Ownership, Privacy, Technology

Hospitality Industry Legal Update: “Guest Room Privacy and the Fourth Amendment”

In order to create and follow an eviction policy that promotes compliance with the Fourth Amendment, a hotel should identify behaviors that justify eviction.  This requires consultation of the law, including any statutes that govern hotel policies.cop car  The hotel should then train its staff to recognize and respond to behavior that triggers eviction.  A hotel should also provide guests with its eviction policy or communicate in some way the types of behavior that could trigger an eviction.  Finally, in the event of an eviction, the hotel must take steps to communicate to the guest that he or she is being evicted.

Hotels are faced with a delicate balancing act when it comes to maintaining guest privacy.  Hotel staff must comply with police investigations when noncompliance would constitute obstruction of justice.  At the same time, hotel employees must recognize their guests’ Fourth Amendment right to be protected from unreasonable searches and seizures.  If hotel employees comply with an unreasonable search or seizure that results in harm to the guest, the hotel could find itself exposed to civil liability.

Courts have recognized that the Fourth Amendment protection from unreasonable searches and seizures applies to searches and seizures in hotel and motel rooms.  Certain exceptions allow for warrantless searches and seizures, including consent.  In broad terms, the consent exception means that a party’s agreement, actual or implied to a search and/or seizure renders a warrant unnecessary.

For more:

Comments Off on Hospitality Industry Legal Update: “Guest Room Privacy and the Fourth Amendment”

Filed under Employee Practices, Guest Issues, Hotel Industry, Management And Ownership, Privacy, Risk Management

Hospitality Industry Security Update: “Secret Service Warns Hotels of Data Theft”

“…Given that users at hotels use public computers to check email, print boarding passes, pay for travel arrangements and download private business information,SecretService it’s not too hard to imagine what an imaginative hacker could do with this information. Worse still, there isn’t much that even a savvy hotel operator can do to prevent this misuse…”

The Secret Service has confirmed what you’ve probably suspected for a long time: Public computers at hotels are ridiculously insecure, and you’re taking a gamble with your personal data each time you use one.

For more:


Comments Off on Hospitality Industry Security Update: “Secret Service Warns Hotels of Data Theft”

Filed under Crime, Guest Issues, Hotel Industry, Maintenance, Management And Ownership, Privacy, Technology, Theft

Hospitality Industry Guest Issues: “Operator Of ‘Mobile ID Theft Lab’ Sentenced To Prison For Bank Fraud And Aggravated Identity Theft”

“…In asking for a lengthy prison sentence, prosecutors noted that Suryan’s operation not only enriched him, but also helped thieves and burglars profit from the information they stole.  Suryan ‘served as a lynchpin of identity theft activity in Snohomish County in the latter half of 2012;Image the forgery service provided by the defendant helped incentivize countless break-ins of mailboxes, homes, and vehicles by criminals searching for victim data…”

The man who forged multiple ID documents and financial documents for mail thieves in Snohomish County was sentenced today in U.S. District Court in Seattle to 65 months in prison, five years of supervised release and $59,177 in restitution, announced U.S. Attorney Jenny A. Durkan.  MICHAEL JOHN SURYAN, 54, formerly of Everett, Washington was arrested in January 2013, in a Shoreline, Washington motel where he had set up a mobile identity manufacturing operation.

Using documents his co-schemers stole from burglaries, mail thefts and car prowls, SURYAN manufactured fake IDs, and forged checks with the co-schemers listed as the payees.  A search of the room revealed more than 50 fake Washington State driver’s licenses, handwritten notes listing the names, addresses and personal information (including dates of birth, social security numbers, driver’s license numbers, and credit card or checking account information) for numerous victims.

For more:

Comments Off on Hospitality Industry Guest Issues: “Operator Of ‘Mobile ID Theft Lab’ Sentenced To Prison For Bank Fraud And Aggravated Identity Theft”

Filed under Crime, Hotel Industry, Management And Ownership, Privacy, Risk Management

Hospitality Industry Risk Management Update: “Stamford Hotel Worker Arrested for Sexually Assaulting Guest”

“…Police say that Oyola-Bandara knocked on the woman’s door at the Super 8 motel at 32 Grenhart Road at about 3:30 a.m. and told the woman, who has been a resident of the motel for some time, that he is there to fix something. ImageThe woman recognized the man as a hotel worker and let him in. Oyola-Bandara then pulled out a bottle of liquor and put two glasses on the table and began pouring the liquor into the glasses…”

A West Side hotel maintenance worker who talked his way into a 60-year-old woman’s room early Saturday morning and tried to force himself on her was arrested after police found the man asleep in the woman’s hotel room.

Carlos Oyola-Bandera, 35, of 501 West Main St., Stamford, was charged with attempted rape, unlawful restraint, criminal trespass, fourth-degree sexual assault and breach of peace. He was held over the weekend by police in lieu of a $50,000 court appearance bond and is being arraigned at the Stamford courthouse Monday.

For more:

Comments Off on Hospitality Industry Risk Management Update: “Stamford Hotel Worker Arrested for Sexually Assaulting Guest”

Filed under Claims, Crime, Guest Issues, Hotel Industry, Liability, Management And Ownership, Privacy, Risk Management

Hospitality Industry Legal Update: “Plaza Hotel Using Noise as Legal Reason to Remove Bike-Share Rake”

“…Steven Sladkus, attorney for the luxury hotel and condos, told The Post when he first filed the case last fall, Image “The public should enjoy unobstructed or unblemished landmarks. This isn’t just for the ‘wealthy’ in The Plaza. This is for the benefit of everyone. Don’t mar it.” He declined to comment on the city’s response…”

A city attorney blasted The Plaza hotel for using “red herrings” such as traffic, noise and historical import in its legal quest to remove a bulky bike-share rack near its entrance.

“It is clear that this proceeding is motivated instead purely by The Plaza hotel’s aesthetic concerns,” Nicholas Ciappetta, a lawyer for the city, said in a Jan. 28 court filing revealed Tuesday. “In other words, The Plaza hotel does not want the station anywhere in its vicinity,” Ciappetta added, asking a judge to toss the “meritless” case.

Ciappetta called the high-priced hotel “self-serving” for trying to oust one of the city’s most popular kiosks.

For more:

Comments Off on Hospitality Industry Legal Update: “Plaza Hotel Using Noise as Legal Reason to Remove Bike-Share Rake”

Filed under Guest Issues, Maintenance, Management And Ownership, Privacy

Hospitality Industry Security Risk: “With Better Security Technology, Hotels Shore Up Blind Spots”

“…In New Orleans, Mike E. Cahn III, president of the Greater New Orleans Hotel and Lodging Association security network, says he sends surveillance tapes showing criminal activity to other area hotels, and to the police,Image who sometimes put them on YouTube. Recently a man stole a laptop from a conference room, Mr. Cahn said, and within 24 hours, he was recognized from the distributed video footage and apprehended…”

At a poker tournament in Barcelona last September, Jens Kyllönen, a professional player, said that his room at Hotel Arts was broken into and malware was installed on his computer to transmit anything he saw on his screen as he played. Despite video camera systems and electronic key card entry logs, no one was caught.

Although he said he discovered the malware in time, he says he is much more careful now about where he stores his belongings and secures his computer. Hotel Arts declined to comment, saying it was a private event.

His case is just one in what has become a technological cat-and-mouse game between hotels and criminals.

For more:

Comments Off on Hospitality Industry Security Risk: “With Better Security Technology, Hotels Shore Up Blind Spots”

Filed under Crime, Employee Practices, Guest Issues, Privacy, Technology, Theft, Training