Category Archives: Privacy

by | September 4, 2011 · 8:05 am

Hospitality Industry Insurance Risks: Hotel & Restaurant Owners Must Review And Update Insurance Coverage To Protect Their Businesses

  •  Proper insurance to value (ITV). The market sometimes offers blanket and agreed amount limits, which can help buyers overcome an instance where the insured has purchased too little building coverage.
  •  Business income limits. Most insurance buyers don’t take time to complete a BI worksheet—a valuable tool to determine proper exposure levels. The tool forces buyers and agents to address all aspects of a potential loss and its business impact.
  • Employee dishonesty limits. Hotel owners think they’ll never use this, and then learn their controller has been siphoning off small amounts of money for years, and the total loss is substantial.
  • Guest discrimination coverage. Hotels might buy employment practices coverage and not the guest coverage. Some specialty programs provide the coverage in the GL form.
  • Property in your care, custody or control. This is a “must have” for all hotels. Agents can offer this in the GL form or buy it as a legal liability (innkeepers) coverage on the crime policy.
  • Health care professionals as insureds. Resorts with spas have this exposure and need this coverage.
  • Valet parking services. Most full service upscale and luxury hotels and resorts offer valet parking services and need to be sure they are covered properly.
  • Ordinance and law. This is key property coverage with the ever-changing building codes. Buyers either buy too little or go without to help control cost. That’s not a good decision.
  • Green building coverage. The three key coverages are:

â—Š Green certified coverage. For a loss to a green certified building, coverage available from AGPOM will apply to rebuilding and additional expenses driven by regaining green certification.

â—Š Green upgrade coverage. This coverage pays the extra expense when a non-certified building opts to go green after a loss. Added costs might result from use of Energy Star equipment; eco-friendly lighting, paint and carpet; or water-efficient plumbing fixtures.

â—Š Green commissioning expense. This coverage provides for a commissioning engineer to inspect a newly built or repaired system after a covered loss to confirm operation at peak performance and expected efficiency.

For more:  http://ventureprograms.com/wp-content/uploads/articles/Hope%20For%20Hospitality.pdf

2 Comments

Filed under Employment Practices Liability, Green Lodging, Guest Issues, Insurance, Management And Ownership, Privacy, Risk Management

Tagged as , , ,

by | August 31, 2011 · 6:56 am

Hospitality Industry Guest Security: Police Arrest Man Taking Pictures Of Women In Bathroom At Missouri Hotel

“Right after that we got another call from another hotel saying the exact same thing,” said Ofcr. Darrin Snapp with KCPD. “A lady was in a public restroom and she was actually washing her hands, looked up and there was a gentleman standing over the stall with a camera phone appearing to take pictures of her.”

“If you stay somewhere with a big name like that you think there is security and safeguards and people aren’t walking through their front door getting inside of the hotel,”

A man is behind bars for invading the privacy of two women at Kansas City hotels. Police say the man was taking pictures of women as they tried to use the restroom. One incident happened at the downtown Mariott and the other happened at the Crowne Plaza Hotel.

Officers were first called to the Marriott after a woman saw a man standing on a toilet and looking over the bathroom stall.

For more:  http://www.fox4kc.com/news/wdaf-man-behind-bars-peeping-hotels-20110830,0,3067600.story

Comments Off on Hospitality Industry Guest Security: Police Arrest Man Taking Pictures Of Women In Bathroom At Missouri Hotel

Filed under Crime, Guest Issues, Liability, Management And Ownership, Privacy, Training

Tagged as , , ,

by | August 24, 2011 · 8:00 am

Hospitality Industry Guest Privacy Risks: Virginia Hotel Sued For Violating "Fair And Accurate Credit Transactions Act"; Receipts "Bore Expiration Date Of Credit Card"

“…(the suit) would include individuals who received electronically printed receipts for transactions at Marjac Suites after June 30, 2008, and whose receipts bore the expiration date of their credit or debit card…”

A willful violation of the statute, the Fair and Accurate Credit Transactions Act, can trigger damages of $100 to $1,000 per transaction, along with attorneys’ fees and costs.

A Virginia Beach hotel broke a privacy-protection law by including restricted information on a credit-card receipt, a hotel guest alleges in a suit filed in federal court in Norfolk.

The plaintiff, James T. Buechler of Baltimore County, Md., contends that Marjac Suites on Atlantic Avenue and its owner, Burlage Hotel Associates, violated a federal statute in January by printing Buechler’s card-expiration date on his receipt at checkout.

Buechler is seeking damages “on behalf of himself and the thousands of other consumers placed at risk by defendant’s unlawful practice,” according to the suit, filed Aug. 10.

Buechler is asking the court to certify his suit as a class action. Members of the proposed class would include individuals who received electronically printed receipts for transactions at Marjac Suites after June 30, 2008, and whose receipts bore the expiration date of their credit or debit card.

For more:  http://hamptonroads.com/2011/08/guest-claims-va-beach-hotel-violated-privacy-law

2 Comments

Filed under Crime, Guest Issues, Legislation, Liability, Management And Ownership, Privacy, Risk Management

Tagged as , , ,

by | August 15, 2011 · 5:31 am

Hospitality Industry Information Security: Hotels And Resorts Are Targeted For Cyber Attacks Because Of Faulty "Data Collection Practices"

“…The report said the largest share of cyber attacks — 38% — were aimed at hotels, resorts and tour companies…”

“… large hotel chains are most vulnerable because hotel management companies may not be able to monitor how data is collected and stored at dozens or even hundreds of properties throughout the world. Independent contractors who work for individual hotels can also open the door to hackers and computer viruses…”

A business traveler who books hotel rooms via the Internet, may be at higher risk of being victimized by computer hackers and identity thieves.

Insurance claims for data theft worldwide jumped 56% last year, with a bigger number of those attacks targeting the hospitality industry, according to a new report by Willis Group Holdings, a British insurance firm.

That could spell trouble for business travelers who submit credit card numbers and other personal information to hotel websites, said Laurie Fraser, global markets leisure practice leader for Willis.

For more:  http://www.latimes.com/business/la-fi-travel-briefcase-20110815,0,65581.story

Comments Off on Hospitality Industry Information Security: Hotels And Resorts Are Targeted For Cyber Attacks Because Of Faulty "Data Collection Practices"

Filed under Crime, Guest Issues, Insurance, Liability, Management And Ownership, Privacy, Risk Management, Technology, Theft

Tagged as , , , ,

by | August 13, 2011 · 7:35 am

Hospitality Industry Information Security: Hotel Kiosk Computer Security Can Be Tested With Free Web Service Tool

“… iKAT (Interactive Kiosk Attack Tool) is a free web service that tries to bypass the protective mechanisms of internet kiosk PCs and gain control of the systems. Such computers can usually be found in hotel lobbies, airport lounges and other public spaces. Kiosk operators can use iKAT to test the resilience of their systems…”

The Linux- or Windows-based kiosk systems are usually protected and only allow specific applications to be launched. The primary aim of iKAT is to start a Windows or Linux shell. To achieve it, iKAT tries to exploit known vulnerabilities in a number of different ways. For example, when opening the iKAT page from a Windows-based kiosk system, users are presented with a “1Click PWN” button – this launches components including Metasploit on the server to scan the kiosk PC for browser exploits. Other avenues include accessing “Open File” or “Print File” dialogs in order to execute cmd.exe.

For more:  http://www.h-online.com/security/news/item/Free-web-service-cracks-internet-kiosks-1321613.html

4 Comments

Filed under Guest Issues, Liability, Management And Ownership, Privacy, Risk Management, Technology

Tagged as , , , ,

by | July 7, 2011 · 6:35 am

Hospitality Industry Guest Room Security: Large Hotel Operator Converts Rooms To "Electronic Lock System", Replacing Mechanical Card Locks As "Magnetic Strip Keycards" Provide "Full Audit Accountability"

  • Each keycard is encoded using a portable Front Desk Unit (FDU), uniquely designed for the hotel industry
  •  The magnetic strip keycard reader provides full audit accountability, enabling management to provide legal support in the event of unauthorized access to a room.
  • For emergency use the Generation E-760 door locks provide emergency access through a mechanical key (fixed or recodable) or electronic override plus an emergency keycard.
 
La Quinta Inns & Suites has announced an agreement with Kaba to install the ILCO 760 locking systems in approximately 140 La Quinta hotels. Implementation will begin in fall 2011.
 
“KABA ILCO products demonstrate the reliability that La Quinta wants for its operators and guests,” says Gerald Rodriguez, vice president of purchasing for LQ Management L.L.C. “We were also impressed with KABA’s willingness to engage in a long-term partnership with La Quinta. This will enable us to provide security to our guests, and professional service and operational excellence to our hotels and their staff into the future.”
 
La Quinta began evaluating electronic lock system providers to replace its mechanical card locks in early 2010. This effort included field testing locks from several manufacturers to verify the best solution for La Quinta’s hotels. After testing, La Quinta chose KABA ILCO 760 locks and the Front Desk Unit (FDU).
 
 

2 Comments

Filed under Guest Issues, Insurance, Liability, Maintenance, Management And Ownership, Privacy, Risk Management, Technology

Tagged as , , , ,

by | July 5, 2011 · 8:22 am

Hospitality Industry Information Security Risks: Hotel Computer Systems Are Increasingly "Breached" Through "Privileged Users" Who Have Total Access To Sensitive Data

“..security breaches are still happening at an even more significant pace with more damaging results.  In the end, many of these advanced intrusions and data security breaches are focused on taking over access to the accounts and permissions of specific “privileged” users in an organization who have access to sensitive data…”

“…These privileged users are specifically targeted by outside hackers because they have proverbial keys to the kingdom, but in some cases the inside user themselves is intent on stealing or doing damage…” 

One solution that is emerging to this problem is to carefully monitor everything (e.g. every key stroke and every mouse click) that a privileged user does on the network, while also putting more granular limits on what they can do.  Basically “trust but verify,” with the goal being detecting any anomalies in a privileged user’s computing usage (e.g. why is this person downloading the source code at 3 a.m.?).  This is not uncommon as it relates to other privileged users in other jobs — the “Eye in the Sky” in the casinos in Las Vegas is equally monitoring the gamblers for cheating but is also monitoring the dealers, and at a bank the CCTV is not only looking for robbers but the teller slipping some money in their pocket.

Instructive of the value of this new approach is that immediately after its breach, the RSA division of EMC acquired private company Netwitness for a reported large premium.  Netwitness is known for analyzing user activity monitoring at the network layer.  In addition, the latest security vendor to file for an IPO, Imperva, has as its core solution the ability to monitor database access and usage by Database Administrators, another type of privileged user.

For more:  http://blogs.forbes.com/tomkemp/2011/07/05/as-hacks-proliferate-new-security-technology-emerges-to-monitor-privileged-it-users/

Comments Off on Hospitality Industry Information Security Risks: Hotel Computer Systems Are Increasingly "Breached" Through "Privileged Users" Who Have Total Access To Sensitive Data

Filed under Crime, Guest Issues, Insurance, Labor Issues, Liability, Management And Ownership, Privacy, Risk Management, Technology, Theft

Tagged as , , ,

by | June 24, 2011 · 4:35 pm

Hospitality Industry Credit Card Risks: Man Who Stole Texas Hotel Guests' "Credit Card Receipts" And "Manufactured Counterfeit Cards" To Purchase Merchandise Sentenced To Five Years In Prison

“…Authorities said Jones and another man, Randy Ray Flaharty, 31, took boxes of monthly credit card receipts of hotel guests from a storage room…”

“…The receipts, officials say, were used to manufacture counterfeit credit cards in document “boiler rooms” and card “chop shops,” which they then used to buy $300,000 worth of merchandise in Texas, Oklahoma and Louisiana...”

“…The cardholders never realized their credit card accounts had been compromised until months, even years, after they stayed at the hotel. But the damage made it hard for some of them to get loans and left lingering headaches in trying to straighten things out, officials said…”

A San Antonio man was sentenced Friday to more than five years in federal prison for stealing thousands of credit card receipts from the Emily Morgan Hotel. The theft allowed conspirators to buy hundreds of thousands of dollars worth of merchandise in three states, authorities say.

Cody Quincy Jones, 34, pleaded guilty in April to ID theft fraud, access device fraud, and aggravated ID theft. Chief U.S. District Judge Fred Biery gave him 41 months for the ID theft fraud charge and 41 months for the access device count, to run concurrently. The judge imposed 24 months on the aggravated ID theft charge, to run consecutively.

The merchandise, which included trailers, televisions, all-terrain vehicles and tires, then was resold or pawned.

The hotel didn’t learn of the thefts until August 2008, and since then, a Secret Service-led task force has ascertained it was San Antonio’s largest identity theft case, with at least 17,000 receipts stolen.

Read more: http://www.mysanantonio.com/news/local_news/article/Conspirator-in-record-setting-I-D-theft-sentenced-1439169.php#ixzz1QF7XXhYu

Comments Off on Hospitality Industry Credit Card Risks: Man Who Stole Texas Hotel Guests' "Credit Card Receipts" And "Manufactured Counterfeit Cards" To Purchase Merchandise Sentenced To Five Years In Prison

Filed under Crime, Guest Issues, Insurance, Management And Ownership, Privacy, Risk Management, Technology, Theft

Tagged as , , ,

by | June 12, 2011 · 6:24 am

Hospitality Industry Guest Security: Texas Hotel Management Faces Questions On How A Man Stole A "Master Key" And Entered A Guest Room Before Assaulting Guests

“What shocks me most … This guy had a master key and just walked right into the kids’ room high and started swinging at them,” Hernandez said. “Thankfully the kids were screaming and (coach Joseph) Rosendo was nearby to help.”

Attempts to contact Clarion management for a comment on how they lost a master key and the attack itself were unsuccessful Saturday. Hernandez said at least it wasn’t the hotel room with his female athletes.

The coach of the Lubbock Warriors spoke out, voicing many concerns about the hotel’s security and the legal system after his squad was attacked early Friday morning, hours before a boxing competition.

Nicodemus Alvarado, 18, allegedly attacked members of the team while he was drunk and high on cocaine after using a stolen master key to gain entry into their hotel room at the Clarion on the 4300 block of West Wall Street about 12:20 a.m. Friday, police said.

Besides issues with the hotel’s security, Hernandez also raised questions about the legal system in general after he learned of Alvarado’s past.

Alvarado was arrested less than three months ago during an unrelated incident on the exact same charges: First-degree felony for burglary of habitat with intent to commit another felony and for possession of a controlled substance.

He was arrested for the first set of felonies following a March attack on a woman. He allegedly pushed his way into her residence and began assaulting her after he disconnected her emergency call to police, according to the March arrest affidavits.

Despite his $56,000 bond, Alvarado eventually was released from the county lockup. According to clerk of court records, Alvarado was only adjudicated for the misdemeanor charge of interfering with an emergency call during the March 6 incident. It was not known, as of press time Saturday evening, under what circumstances the felony charges were dropped or dismissed

Read more: Coach criticizes hotel, legal system after attack – Mywesttexas.com: Top Stories http://www.mywesttexas.com/top_stories/article_90772213-c4f4-5716-994b-a4279a012afb.html#ixzz1P4TArI00

Comments Off on Hospitality Industry Guest Security: Texas Hotel Management Faces Questions On How A Man Stole A "Master Key" And Entered A Guest Room Before Assaulting Guests

Filed under Crime, Guest Issues, Injuries, Liability, Maintenance, Management And Ownership, Privacy, Risk Management, Theft

Tagged as , , ,

by | May 8, 2011 · 6:51 am

Hospitality Industry Guest Privacy: Hotel Management Must Standardize Privacy Procedures For Entering, Cleaning And Inspecting Guest Rooms

“If someone has a couple of articles of clothes on the bed we will move them to make the bed…if they have expensive things on the bed – purses, electronics, cameras – we will not touch that bed.”

“…if there is something sensitive, like a closed wallet or laptop, a supervisor or manager will stand at the door for the employee’s safety…”

“…keep a log on what keys have been used on the room’s electronic doors…”

“…hotels’ insurance providers require police statements for incidents…have everyone write a written statement and sign and date it…”

While every chain hotel has a set corporate policy, each individual hotel may be less stringent and abiding for the guest’s benefit.

“According to Iowa law, we can enter a room anytime we want,” Jepsen said. Generally, hotel staff won’t enter a room if they don’t suspect something may be wrong in the room, Jepsen said. With extended-stay guests, who are staying 30-40 days, they are required to enter the room a minimum of twice a week. They mainly change the sheets and make sure garbage isn’t piling up, but also they make sure their equipment isn’t damaged. By the end of 30 days, a mattress could be ruined or the guest could be smoking in the room, Jepsen said.

There are other reasons for entering a guest’s room. “There have been instances where guests put their ‘do not disturb’ sign up but they may have a medical issue,” said King. “It could go unnoticed for long periods of time.”

“In the back of our mind, we always know what our rights are and what the rights of our guests are,” she said. “You can’t always have rules written in stone.”

Protection exists for both the hotel and the guests. Country Inn & Suites and AmericInn, like most hotels, have video surveillance systems. Both also keep a log on what keys have been used on the room’s electronic doors.

With any serious crime, such as theft, the police are immediately contacted, Jepsen said. “If a guest reports a theft, it’s investigated to its fullest extent,” she said. This is also done because the hotels’ insurance providers require police statements for incidents.

“What I always do is I have everyone write a written statement and sign and date it,” Jepsen said.

For more:  http://www.messengernews.net/page/content.detail/id/538926/Hotel-rules-protect-both-operator-and-guest.html?nav=5010

2 Comments

Filed under Crime, Guest Issues, Liability, Management And Ownership, Privacy, Risk Management, Training

Tagged as , , , ,