Tag Archives: Hotels

by | March 10, 2010 · 5:23 am

Hotel Industry Cybercrime: Los Angeles Westin Bonaventure Hotel Disloses Credit Card Security Breach At Four Restaurants

According to Westin, its four restaurants – Lake View Bistro, Lobby Court Bar, Bonavista Lounge, L.A. Prime – along with its valet parking operation may have suffered a data security breach between April and December last year.

(From a InfoSecurity-us.com article)  In further proof that the hospitality industry is becoming a prime target for hackers, The Westin Bonaventure Hotel and Suites has admitted a likely data security breach.

According to a statement issued by Westin, compromised data may include names printed on customer credit or debit cards, card numbers, and expiration dates.

“Guests who used or visited the affected businesses during the eight month-period and who used a credit or debit card to pay their bills directly to the restaurants and valet parking might have had such information compromised and are encouraged to review their statements from that time period,” Westin said.

Although the company gave advice on how to place a full alert on a credit file, it did not offer any credit protection services for potential victims in the statement.

According to the 2010 Global Security Report from Trustwave, hospitality companies became the most breached sector in 2009, representing just over a third of all breaches. That said, the majority of these cases stemmed from a single site breach, the company said at the time.

However, hospitality breaches appear to be mounting. Wyndham Hotels and Resorts also suffered a security breach between late October last year and January. It is not clear whether the Wyndham hack was the single site breach reported by Trustwave, but the hospitality firm said that a hacker went through centralized network connections. “The hacker was then able to access and download information from several, but not all, of the WHR hotels and remove payment card information of a small percentage of our WHR customers,” Wyndham Hotels and Resorts said at the time.

Westin said that although customers of its restaurants and valet operation may have been compromised, the hacker did not gain access to customer card data stored in the system that stored credit card information for its hotel guests.

The Westin Bonaventure Hotel and Suites is independently owned by Today’s IV, Inc. and operated by Interstate Hotels & Resorts, Inc. under a license issued by Westin Hotel Management.

http://www.infosecurity-us.com/view/7881/westin-is-latest-hotel-to-be-hit-by-hackers/

Comments Off on Hotel Industry Cybercrime: Los Angeles Westin Bonaventure Hotel Disloses Credit Card Security Breach At Four Restaurants

Filed under Crime, Liability

Tagged as , , , ,

by | March 6, 2010 · 4:26 am

Hospitality Industry Legal Issues: Medical Marijuana and Non-Smoking Hotels

 I recently had one of my hotels call me about a guest who was burning incense in his guestroom, while he was staying at the hotel. After the guest checked out, he was charged the Hotel’s “no smoking fee” of $250, as the Hotel was a non smoking hotel.

The guest immediately challenged the no smoking fee, and claimed he was burning the incense for “medical” reasons, it was “aroma therapy”. The Hotel asked the guest for a note from his Doctor prescribing the “aroma therapy” and guess what…the guest produced a Doctor’s note. It was a real prescription, from a real Doctor. So, that begs the question….does the American’s with Disabilities Act (ADA) apply? Do you as an Innkeeper have to allow aroma therapy or medical marijuana use in your non smoking hotel?

The answer is: We’re not sure yet…..

I took this question to the Hospitality Law Conference, which is held in Houston every February. The Hospitality Law Conference is attended by 400 hospitality Attorneys. These Attorneys come from all the major hotel brands, major hotel management companies and includes hospitality educators from all of the major hospitality Universities nationally. I searched out the best hospitality legal minds from our industry to discuss this issue with them.

I was surprised to learn there was no general consensus on how to handle medical marijuana /aroma therapy and the ADA, at hotels. There is no known “case law” on this issue yet, and I received a wide variety of legal opinions on how to handle the medical marijuana dilemma. I have summarized below, the “best practices” for handling medical marijuana / aroma therapy at your Hotel, based on discussions I had with the hospitality industry legal experts:

  1. Place marijuana smokers in “smoking rooms” when available. If you receive a guest complaint of marijuana use in the hotel, you should investigate. If you find the marijuana smoker, ask them for their medical prescription, or State ID card, for legal medical marijuana use. If they have the proper paperwork, allow them to continue in the smoking room (if you allow smoking). If they don’t have proof of the legal use of marijuana, ask them to stop, call the Police, or handle it according to your management guidelines.
  2. If you are an all “No Smoking” hotel, then guests using medical marijuana should be handled the same as cigarette smokers. They must leave the building to smoke. They are no different than cigarette smokers. If they smoke in their guestroom and you have the proper “no smoking” notifications and signage, then charge them your normal smoking fee. Again, you treat them the same as a cigarette smoker. I would recommend if you have “no smoking” signage in the rooms, that you add the words “this includes medical marijuana” on the signs at your next convenience.

 *****Note****, number 2 above applies to guests who are “mobile” and who can easily walk around, use the stairs and elevators, and have no physical restrictions. Most of the legal experts I spoke to agreed, that if a guest has limited mobility, due to a disability etc, then we should handle this guest differently. If the guest cannot easily exit and enter the hotel to smoke their medical marijuana, and they insist that the marijuana is part of their treatment for their disability, then you should allow them to smoke in their non-smoking room. Under these circumstances, the legal experts felt the disabled guest could fall under the ADA laws, due to their limited mobility etc. You should not charge them a “smoking fee”.

These suggestions are based on the opinions of the “best of the best” hospitality legal experts. As you know, the medical marijuana issue is being debated, legalized and defended all over the United States. Call your local Police or Sheriff departments and find out what your local and State laws are regarding medical marijuana. You should manage the guests at your hotels according to your specific laws.

Remember, you also have the right to ask a guest who is smoking marijuana to stop, unless they have a legal prescription, from a real Doctor, to be using the medical marijuana. If the guest does not have the legal paperwork to smoke marijuana, you can make them stop. Call the Police or Sheriff for assistance if necessary. You can use the internet to “google” a Doctor’s name or clinic, if you want to independently verify the validity of a guest’s medical marijuana use.

I’m sure somewhere in the United States in the near future, we will see some “case law” on the use of medical marijuana, the ADA, no smoking businesses and related issues. Until then, I hope these “best practices” help.

(Todd Seiders, CLSD, is director of risk management for Petra Risk Solutions, which provides a full-range of risk management and insurance services for hospitality owners and operators. Their website is: www.petrarisksolutions.com. Todd can be reached at 800-466-8951 or via e-mail at: todds@petrarisksolutions.com.)  

Feb 2010

104 Comments

Filed under Crime, Health, Liability

Tagged as , , , ,

by | March 3, 2010 · 4:52 am

Hotel Food-Safety: Inspectors Found Dozens Of Violations At Super Bowl Headquarters Hotel For NFL Employees Who Got Sick During Super Bowl Week

The Florida Department of Business and Professional Regulation, which oversees food sellers, inspected the hotel Wednesday and found violations such as open food stored in unclean places, employees handling food with bare hands, lack of handwashing and dirty conditions, the inspection report showed.

Inspectors found a dozen critical food-safety violations this week in the restaurant of the NFL’s headquarters hotel, where 25 league employees here for Super Bowl XLIV got sick from a stomach bug.

The oceanfront Westin Beach Resort in Fort Lauderdale also had failed a restaurant inspection in September, and let its license expire in December by not paying a $457 renewal fee, state officials said Friday.

Health officials were quick to say they did not yet know what caused the outbreak, how the guests got it or whether the hotel bore any blame. Samples were still being tested.

http://articles.sun-sentinel.com/2010-02-05/business/fl-super-bowl-food-illnesses-20100205_1_starwood-hotels-hotel-attorney-stomach-bug

Comments Off on Hotel Food-Safety: Inspectors Found Dozens Of Violations At Super Bowl Headquarters Hotel For NFL Employees Who Got Sick During Super Bowl Week

Filed under Health, Liability

Tagged as , , , ,

by | March 1, 2010 · 6:20 am

Hospitality Industry Risk: Cybercrime Is Targeting Hotels And Resorts As Credit Card Information Is Relatively Unprotected

(From a BlackBookMag.com article)  According to Nicholas Percoco, a cybersecurity researcher for the security firm Trustwave, “The hospitality industry was the flavor of the year for cybercrime.”

In 38% of the security breach investigations Trustwave performed last year, hotels and resorts were the victims. That’s way up from 2008, when the hospitality industry wasn’t nearly so trendy for identity thieves and there were hardly any incidents.

Hotels and resorts tend to have a lot of data–like your credit card info–that is relatively unprotected, making them pretty dreamy for hackers. Last year, both Radisson and Wyndham Hotels reported hacking incidents, and who knows what other hotels got hacked but didn’t report it. So, fork over your personal credit card with care at check-in, or maybe use this as an excuse to charge any and all hotel stays on the company card.

http://www.blackbookmag.com/article/your-hotel-stay-stole-your-credit-card/15885

2 Comments

Filed under Crime, Liability

Tagged as , , , ,

by | February 28, 2010 · 6:08 am

Hospitality Industry Risk: Many Hotel Spa’s Are Underinsured With Spa Owners Liable For Injuries To Clients

(From a SmartMoney.com article)  With the growth of the spa industry, consistent standards have become an afterthought. Industry associations do exist, but membership is strictly voluntary. The biggest one, ISPA, represents about 3,200 spas worldwide, but its application process isn’t exactly grueling. Members must agree to abide by the association’s “standards and practices,” which include requirements such as clean treatment rooms and staffers trained in CPR.

They also have to adhere to a code of conduct, which is a list of spa-goers’ rights and responsibilities, says ISPA’s executive director, Lynne Walker McNees. But in the end, spa industry regulations vary from state to state, so there’s no uniform set of guidelines.

As a result, many spas carry inadequate insurance, says Mary Lynne Blaesser, a certified insurance counselor at the Marine Agency, which has provided coverage for about 15,000 spas. “In most states, the only insurance spas are required to carry by law is workers’ comp,” Blaesser says.Without professional or general liability in effect, an injured customer would have to seek recourse or reimbursement directly from the spa owner rather than an insurance company. However, most leases require that lessees carry general liability coverage for such things as trip and fall claims.

The combination of spotty insurance and almost nonexistent refund policies means one thing for dissatisfied customers: Good luck collecting if something goes wrong. And that applies even for the most egregious mishaps. Leandros Vrionedes, a personal-injury lawyer in New York City, had a client whose day-spa facial turned into a horror show. “The esthetician oversteamed the client and applied the wax immediately after,” Vrionedes says. “She wound up taking part of this person’s face off — several layers of skin were removed. The spa argued that it was the fault of the product and we didn’t have a case. We argued that it was the procedure.” After five years of legal wrangling, including trial to verdict and an appeal, the woman received an undisclosed settlement — which her lawyer describes as “not enough.”

Even when a spa does carry insurance, consumers may have a tough time obtaining compensation for injury.

“Some insurance companies will fight you tooth and nail,” Vrionedes says. Don’t assume, though, that you have no case just because of some lengthy waiver you signed when you arrived at the facility. According to Vrionedes, some of these documents will hold up in court, but others won’t — especially those that are all-encompassing. If the release “absolves the spa of absolutely everything in the world,” he says, courts will sometimes void the agreement.

http://www.smartmoney.com/spending/deals/10-things-your-spa-wont-tell-you-10378/?page=3

Comments Off on Hospitality Industry Risk: Many Hotel Spa’s Are Underinsured With Spa Owners Liable For Injuries To Clients

Filed under Health, Insurance, Liability, Training

Tagged as , , , ,

by | February 26, 2010 · 6:07 am

Hospitality Industry Privacy: Hotels Must Safeguard Guests’ Privacy And Provide Better Hotel Security As Erin Andrews Incident Demonstrated

On October 12, the television magazine Inside Edition aired a segment in which they visited several hotels to reserve a room next to an employee who was posing as a hotel guest. In each case, the hotel was unaware of the purported sting operation. In each case, without challenging the inquirer, the reservationist complied.

  As a result of the unauthorized video release on the Internet and the suspect’s demonstrated pattern of stalking Ms. Andrews, several news media organizations are calling or visiting hotels and asking for specific rooms, next to specific registered guests (typically undercover media producers posing as registered guests) to see what security measures are in place at the hotel. Commonly referred to as “tabloid journalism,” various media outlets have resorted to these stings to entrap hoteliers doing something wrong and to boost their viewership ratings.

  On October 12, the television magazine Inside Edition aired a segment in which they visited several hotels to reserve a room next to an employee who was posing as a hotel guest. In each case, the hotel was unaware of the purported sting operation. In each case, without challenging the inquirer, the reservationist complied.

So, what can and should hotels do to avoid falling prey to investigative reporters and more importantly ensure the safety and privacy of their guests? Here are eight steps to get started:

  1. ESPN's Erin Andrews

    Immediately start discussing this case with the hotel’s front desk and reservation staff. Make sure that everyone realizes the widespread magnitude and fallout of the privacy violation of Ms. Andrews. If you need more info, “Google” Erin Andrews, and you can get all the latest news from the Internet. In fact, just by searching the keywords “hotel” and “peeping tom” more than 213,000 hits will be revealed in Google, almost all referring to the Erin Andrews incident. And of course the name of the hotel where the incident occurred appears in nearly every hit.

  2. Revisit basic hotel security and privacy procedures, and do some staff training at your hotel. Now more than ever it is appropriate to ask more questions of guests, challenge suspicious people on your property, and evaluate your security cameras, security policies, locking entrance doors, elevator and stairwell access, etc. And expect the stings by investigative journalist to continue into the foreseeable future.
  3. Empower hotel employees to challenge requests for rooms next to other guests. Hotel staff members should ask the requestor why they would like a specific room, and what their relationship is with the person they are requesting to be housed adjacent to. Do not grant the special room request without contacting the other guest and securing their permission; ask them if they know the person who is requesting the special room. We all hate to say “NO” to anyone for anything, but times have changed, and a hotel must take a more proactive stance in guest safety and privacy.
  4. To the extent possible, do not block VIP guests or celebrities in rooms until the morning of arrival. Only advise non-management employees about the name and room number of the celebrity on a “need to know basis” and never in advance of arrival. This will help prevent the identity and location of the celebrity from becoming known outside the hotel and individuals seeking accommodations near the celebrity’s guestroom.
  5. Be more curious and suspicious, and allow staff members some leeway in also being more careful. Do not criticize or punish employees for being too safe. Remember, it is a different world out there from a few years ago. Safety and privacy must be the first priority of every hotel nowadays. Guests expect nothing less.
  6. If a guest complains, IT DOESN’T MEAN YOU DID SOMETHING WRONG! I have to keep reminding my clients of this fact. Sometimes guests “think” they know a law, or industry standard, when in fact many do not know what they are talking about. Hotel employees have every right to ask more questions of a guest who is requesting a room next to someone else, to refuse to connect a caller to a room number where they do not know the registered guest’s name, or to ask questions of a guest loitering around the hotel.
  7. Change your mindset from an immediate “YES” to a more carefully thought out response to guest requests that places safety and privacy at the forefront. Start evaluating guest requests more carefully, and how they may apply to guest security issues. “YES” is always the appropriate response if the request does not compromise the safety and privacy of others or the hotel. If it does, then the correct response is a courteous “NO” with the offer of a suitable alternative (if possible).
  8. Remember, Management retains the right to ask any news media personnel off hotel premises. You do not “have” to answer questions, especially if the media “ambushes” you with cameras in your face. If you find someone walking around your property doing a secret undercover investigation, you can order them off your property immediately. Hotels are considered private property and Management retains complete control of who can and cannot be on your property, as long as such ejection does not violate regulations, statutes or ordinances designed to eliminate illegal discrimination in hotels. Train all employees to refer all media requests only to the hotel’s designated spokesperson and discipline or terminate employees who fail to comply with the workplace rule. Finally, call the police for assistance if media refuse to comply with requests to leave the hotel’s premises.  

(Todd Seiders, CLSD, is director of risk management for Petra Risk Solutions, which provides a full-range of risk management and insurance services for hospitality owners and operators. Their website is: www.petrarisksolutions.com. Todd can be reached at 800-466-8951 or via e-mail at: todds@petrarisksolutions.com.)

Comments Off on Hospitality Industry Privacy: Hotels Must Safeguard Guests’ Privacy And Provide Better Hotel Security As Erin Andrews Incident Demonstrated

Filed under Insurance, Liability, Training

Tagged as , , ,

by | February 25, 2010 · 6:19 am

Hospitality Industry Risk: Hotel Front Desk Clerks Must “Refuse Accomodations If They Have Just Cause”, Such As Suspecting Prostitution

“Every person who keeps any disorderly house, or any house for the purpose of assignation or prostitution, or any house of public resort, by which the peace, comfort, or decency of the immediate neighborhood is habitually disturbed, or who keeps any inn in a disorderly manner; and every person who lets any apartment or tenement, knowing that it is to be used for the purpose of assignation or prostitution, is guilty of a misdemeanor.”

The one word everyone who works in hospitality hates to say to a guest is…”No”. We are all trained in fact to never say “no”, and to try and accommodate our guests every request or need. But, in the real world there are those rare occasions that one should say “no”, one must say “no”, and one must absolutely positively scream “no”, if the situation requires it.

Here is an actual case in point that hotel front desk personnel may likely experience:

A full service hotel in the greater Los Angeles area received a visit from the Los Angeles Police Department’s (LAPD) Vice Division. A plainclothes male vice officer and an undercover female police officer came to the hotel to look for violations of California Law 316 PC:

“Every person who keeps any disorderly house, or any house for the purpose of assignation or prostitution, or any house of public resort, by which the peace, comfort, or decency of the immediate neighborhood is habitually disturbed, or who keeps any inn in a disorderly manner; and every person who lets any apartment or tenement, knowing that it is to be used for the purpose of assignation or prostitution, is guilty of a misdemeanor.”

Every state in America has a similar law, which makes it a crime to knowingly allow prostitution inside your establishment.

The two officers approached the front desk and asked to rent a room. The front desk clerk asked for a credit card, but the vice officer said he only had cash to pay for the room. The vice officer went on to say, “I don’t want to use a credit card, because I’m here with a prostitute, and I don’t want my wife to find out.” This was the “bait” of the police “sting”, and now it was up to the front desk clerk to say “no”, and not allow prostitution inside the hotel.

The front desk clerk clearly heard what the vice officer said (that he was with a prostitute), and knew he wasn’t going to rent him a room. But, the desk clerk did not directly say “no”. Instead, the clerk tried to find a more “hospitable” way to refuse to rent the room. The front desk clerk knew the vice officer did not want to use a credit card for the room, so he thought he could use this fact to politely deny him a room.

The desk clerk told the vice officer that a credit card was required to rent the room, but that he could pay cash at the end of the stay, if he chose to. The desk clerk said if he did not have a credit card, then he could not rent him a room.

Here’s what the LAPD vice officer heard: “If you had a credit card, I would rent you a room.” Isn’t that what the front desk clerk said? Instead of saying, “No, I’m sorry, but we don’t allow prostitution in this hotel, please leave”, the vice officer heard, “If you had a credit card, you could rent a room.” The vice officer issued the front desk clerk a citation for “keeping a disorderly house”, and left. The desk clerk now has to appear in court to defend his actions.

The desk clerk said later he was confident that demanding a credit card for the room would have foiled this man’s attempt to use the hotel with a prostitute. The desk clerk said if the vice officer had produced a credit card to use, he would have still denied him a room, and would have summoned the General Manager to ask the man and prostitute to leave the hotel. The desk clerk knew NOT to rent the room to a prostitute.

As one can see from this incident, all of the legal proceedings, court appearances, and possible bad press from the sting, could have been avoided with one simple word…“No”.

Generally, Innkeeper Laws in all states allow hotels to refuse renting a room under these following conditions (amongst others):

  1. To preserve the innkeeper’s property from potential damage
  2. To prevent a violation of the law
  3. To maintain the premises so as to preserve the peace and tranquility of the other guests
  4. To protect the guests’ physical safety
  5. Because of the hotel’s previous bad history with the guest

 Yes, front desk attendants can say “no” to a guest seeking accommodations if the guest falls under any of the above situations. These situations are very broad, so you can get creative with their interpretation and use them to keep bad guests from renting a room. Just make sure that the belief for denying registration is well-founded and defensible and that potential guests are not being excluded based upon protected class status (e.g., race, gender, religion, ethnicity, etc.)

Front desk managers must train their staff to say “no” when it is appropriate to do so, and tell them you will support their decision to refuse accommodations if they have “just cause”. Discuss possible situations that may occur, and how to properly deny service or a room. Hotel managers may also want to contact their hotel brand’s corporate loss prevention or security departments for outside training and help. Similarly, the hotel’s insurance carrier or broker may also provide risk management staff that can help educate and train the front desk team on these matters.

Sometimes, you just HAVE to say “NO”.

(Todd Seiders, CLSD, is director of risk management for Petra Risk Solutions, which provides a full-range of risk management and insurance services for hospitality owners and operators. Their website is: www.petrarisksolutions.com. Todd can be reached at 800-466-8951 or via e-mail at: todds@petrarisksolutions.com.)

Comments Off on Hospitality Industry Risk: Hotel Front Desk Clerks Must “Refuse Accomodations If They Have Just Cause”, Such As Suspecting Prostitution

Filed under Liability, Training

Tagged as , , ,