HOTEL BUSINESS REVIEW
DECEMBER FOCUS: Hotel Law

Not-So-Suite Cybersecurity Concerns in the Hospitality Industry

By Julia Kadish Associate, Sheppard, Mullin, Richter & Hampton | December 2023

This article was co-authored by Lauren Stewart, Associate, Sheppard, Mullin, Richter & Hampton LLP

Guests attempt to get into their hotel rooms with the room keycards, but the keycard system is not working.

The group of friends celebrating a birthday at the hotel bar goes to "cash out," for the night, but the register and credit card payment terminal are reading back an error code.

Potential guests are trying to make reservations through customer service in the city where the Super Bowl was just announced, but the phone lines are down. A bad actor is in the hotel lobby attempting to steal online credentials from guests through the hotel's Wi-Fi.

These are all very real threats that operators in the hotel industry face on a daily basis. Unfortunately, ransomware and other types of cyber-attacks are no longer atypical. When hotel guest data or technology supporting the hotel industry are compromised, links in the chain within the hospitality industry may be threatened.

Given these ever-increasing risks, businesses in the hospitality industry should stay vigilant in developing and maintaining a comprehensive cybersecurity program and procedures designed to secure and protect personal information. Below, we discuss what companies in this industry may want to consider from a legal perspective in their cybersecurity readiness efforts.

Know Your Data and Where it is At

Before an organization establishes and maintains a cybersecurity program, it helps to have a firm understanding of the type of information that it collects and where that information is stored. The hospitality industry sits in a peculiar position because of the opportunity for multi-modal interactions with guests and the surprisingly wider swath of information it may ultimately collect in the course of running its business.

Data collection could take place at every stage of a guest's stay at a hotel. If the guest books online, a guest's personal information and credit card information are provided, and that information often remains stored (in some form) when the guest arrives. Hotels typically require a guest to provide identification such as a driver's license or passport, and the hotel may store that information as well. Hotels may collect additional guest data in order to store guest preferences, to operate loyalty or reward programs, or to track guest feedback. Different systems, vendors, and third-party tools or applications are used for each of these functions (and some functions themselves require multiple vendors).

Know Your Potential Attack Vectors

An organization's cybersecurity posture is only as strong as its weakest link. The hospitality industry probably knows this more than most. Hotels may employ individuals across a wider variety of roles and functions than a typical standalone company. Hotels often include businesses within the operation that open up additional points of risk, such as spas, restaurants, retail, and bars. With such a disaggregated workforce, hotels face increased points of entry for bad actors.

Hotels can mitigate this risk by requiring consistent data privacy compliance across all employees and tenants. Beyond privacy, a comprehensive and coordinated approach to privacy compliance can also help to ensure a consistent and exceptional guest experience. And while a lot of businesses may try to train their employees to understand the importance of customer data and how it may be processed, this can be a particularly challenging task for the hospitality industry.

Given the wide range of employee roles, the onboarding, training, processes and procedures, and type of skills needed for day-to-day operations varies greatly across the hospitality workforce.

From corporate employees to the front desk staff, to outsourced contractors and housekeeping, trying to ensure that such a broad workforce is trained on how to recognize and report social engineering attempts is no small feat. Organizations may want to consider each potential "entry" point for a cyber threat, identify what systems store guest and employee data, and think about how employees typically interface with these systems in the course of doing their job, and then craft tailored cybersecurity training exercises for each.

But, there are also other more creative ways in which bad actors may infiltrate systems and try to gain access to personal information. Thinking through all potential ways in which threat actors may infiltrate those data points is a separate, but worthwhile exercise. For instance, call center and IT support may have access to this personal information. With more sophisticated attacks occurring through the use of artificial intelligence – i.e., voice phishing to trick IT support or call centers into bypassing multi-factor authentication – vendor diligence of any third party support as well as ongoing audit and monitoring of these third parties can be helpful to companies.

Know What Laws May Apply

Adding to the complexity for hotel operators is the patchwork of potential data security laws that may apply. These laws may apply based on certain types of information that hotels collect, and/or because a company collects information from residents of the impacted state or territory. In the US, at least twenty-two (22) states have laws that require companies to protect personal information. Some of these state laws contemplate that specific requirements be addressed in a data security program (e.g., written information security policy, vendor contractual requirements, employee training, a designated person in charge, etc.). Others generally require that "reasonable security" measures be deployed.

Aside from US requirements, the hospitality industry should consider that guests may be residents of other countries, potentially triggering applicability of international privacy laws like the European Union and United Kingdom's General Data Protection Regulation (GDPR). Often, these international laws apply extraterritorially (i.e., to non-EU/UK based businesses) where a company offers services to or "monitors" the behavior of individuals in the EU/UK. While these more "comprehensive" international laws may not necessarily be more proscriptive than US requirements when it comes to specific data security measures that should be used, they carry weight of added enforcement oversight and potential fines.

In addition to statutory requirements, there are also industry and self-regulating standards with which hotels may need to comply. Hotels usually process a high volume of credit card transactions, which typically occur vis-a-via payment terminals (e.g., the front desk, parking garage, restaurant, etc.), by phone, or online (website or mobile app). The collection of payment card data triggers the Payment Card Industry Data Security Standard (PCI DSS) requirements. These robust standards could apply in addition to the myriad of other statutory requirements. Contractual requirements between business partners (as discussed further below) may also set forth expectations to comply with industry standards such as the National Institute of Standards and Technology (NIST) or to receive SOC 2 certification.

Aside from the specific measures that companies may be required to use to protect personal information, when a company faces a data security "breach," they face another patchwork of potential requirements. Every state in the US has enacted a data breach notification law – and some have multiple. There are a host of industry-specific laws that may require data breach notification. For hotel brands that are public companies, the SEC recently updated its data breach notification requirements imposing an exceedingly fast four business day notification period. This is one of the most aggressive turn-arounds in the US in terms of data breach notification requirements.

Under the new rule, a public company that suffers a "material cybersecurity incident" will have to file a Form 8-K disclosing the incident within four business days after the company's materiality determination. Material means it is substantially likely that an investor would consider impact of the incident important in making an investment decision, or if it alters the total mix of available information.

The hospitality industry was the first to test the waters of this new rule. Recently, MGM was the first to file an SEC Form 8-K under the SEC's new cybersecurity disclosure rule. Shortly thereafter, Caesar's also submitted a cybersecurity disclosure to the SEC. Both companies have been faced with a slew of class action lawsuits in the weeks following their initial disclosures.

Aside from state and federal requirements, contracts between business partners also typically set forth specific triggers for notification. Below, we further discuss how these agreements between different parties in the hotel ecosystem may help standardize and allocate responsibilities when it comes to data security.

Know How These Responsibilities are Shared

When developing a cybersecurity program, those within the hospitality industry should think about which party should be responsible for defining the requirements and which party will be responsible in the event something goes wrong. Depending on the structure of hotel management, many hotel developers elect to enter into either a franchise agreement or a hotel management agreement. A franchise agreement allows the hotel to operate under a hotel brand name, and acts as a license for the hotel operator to do so.

A hotel management agreement is an agreement between a hotel developer and a hotel manager to establish guidelines from the hotel owner that a hotel manager must follow. Both franchise agreements and hotel management agreements typically contain standards and requirements for the storage of personal data. These agreements may also include procedures for what to do in the event of a data breach, which may involve notifying the other party to the agreement, cooperating with investigations into the breach, and remediating the breach.

Some hotels may also lease space within their facilities to third party vendors to offer services like a spa or restaurant. These are typically evidenced by the hotel operator and the tenant entering into a lease. When negotiating a lease, a hotel operator is typically in the best position to establish how guest data may be collected and stored and to require that the tenant comply with all applicable data protection and privacy laws.

No matter what, hotels are subject to complying with local, state, and federal law with respect to collecting, using, and storing personal information of guests and employees. Franchise agreements, hotel management agreements, and leases can give hotel operators a chance to contractually ensure that personal data is being stored consistently and that all parties are aligned on what to do in the event of a data breach. While cyber insurance can help mitigate the expenses arising out of cyber-attacks, companies should be mindful of the notification requirements under these policies and the growing list of possible exclusions to coverage.

Summing it Up

For the hospitality industry, cyber-attacks may not only pose significant legal risks, but PR and brand perception risks. While guests want to enjoy themselves and feel "secure" when staying at a property, they also want to know that the information they entrust to hotels is equally protected. Developing and maintaining data security compliance standards will help hotels to have a good understanding of the information they collect, the measures that should be used to protect it, mitigate the risk of legal exposure, and confirm that the standards and expectations for these data security measures are intended to be applied consistently across properties and owners.

Terms & Conditions

The following are terms of a legal agreement ("Agreement") between you and HotelExecutive. By accessing, browsing and/or otherwise using this web site, HotelExecutive, you acknowledge that you have read, understood and agreed to be bound by these terms and conditions, and to comply with all applicable laws and regulations, including U.S. export and re-export control laws and regulations. If you do not agree to all of these terms and conditions, you may not access, browse and/or use HotelExecutive. The material provided on HotelExecutive is protected by law, including, but not limited to, United States copyright law and international treaties.

These terms of access apply to your access to and use of HotelExecutive and do not alter in any way the terms and conditions of any other agreement you may have with HotelExecutive for products, software, services or otherwise, unless otherwise directed by HotelExecutive. If you breach any of these terms and conditions, your authorization to use HotelExecutive automatically terminates and you must immediately destroy any downloaded or printed materials and discontinue use of any hyperlinks to HotelExecutive.

1. USE RESTRICTIONS

Copyright. All Site materials, including, without limitation, text, pictures, graphics and other files and the selection and arrangement thereof are copyrighted materials of HotelExecutive © 1996-2016, ALL RIGHTS RESERVED, or by the original creator of the material. Permission is granted to display and use the materials on HotelExecutive for private individual, educational and noncommercial use only, provided you do not modify the materials and that you retain all copyright and other proprietary notices contained in the materials. You may not, however, distribute, copy, reproduce, display, republish, download, or transmit any material on HotelExecutive for commercial use without prior written approval from HotelExecutive. You may not "mirror" any material contained on HotelExecutive on any other server without prior written permission from HotelExecutive. Any unauthorized use of any material contained on HotelExecutive may violate copyright laws, trademark laws, the laws of privacy and publicity and communications regulations and statutes.

Trademarks

The trademarks, service marks, trade names and logos (the "Trademarks") used and displayed on HotelExecutive are registered and unregistered Trademarks of HotelExecutive. In addition, all page headers, custom graphics, icons and scripts are service marks, trademarks and/or trade dress of HotelExecutive, and may not be copied, imitated or used, in whole or in part, without the prior written permission of HotelExecutive. You acknowledge that the Trademarks used and displayed on HotelExecutive are and shall remain the sole property of HotelExecutive or the Trademark owner. Nothing in this Agreement shall confer any right of ownership of any of the Trademarks in you. Further, nothing in HotelExecutive shall be construed as granting, by implication, estoppel or otherwise any license or right to use any Trademark used or displayed on HotelExecutive, without the express written permission of HotelExecutive or the Trademark owner. The misuse of the trademarks displayed on HotelExecutive, or any other Content on HotelExecutive, is strictly prohibited.

Hyperlinks

You are granted a limited, nonexclusive right to create a hypertext link to HotelExecutive provided that such link is to the entry page of HotelExecutive and does not portray HotelExecutive or any of its products or services in a false, misleading, derogatory, or otherwise defamatory manner. This limited right may be revoked at any time for any reason whatsoever. You may not use framing techniques to enclose any Company trademark, logo or trade name or other proprietary information including the images found at HotelExecutive, the Content of any text or the layout/design of any page or any form contained on a page without HotelExecutive's express written consent. Links to third party sites on HotelExecutive are provided solely as convenience to you. If you use these links, you will leave HotelExecutive. HotelExecutive has not reviewed all of these third party sites and does not control and is not responsible for any of these sites, their Content or their policies, including, without limitation, privacy policies or lack thereof. HotelExecutive does not endorse or make any representations about third party sites or any information, software or other products or materials found there, or any results that may be obtained from using them. If you decide to access any of the third party sites linked to HotelExecutive, you do so entirely at your own risk. You acknowledge and agree that HotelExecutive shall not be responsible or liable, directly or indirectly, for any damage or loss caused or alleged to be caused by, or in connection with the use of or reliance on any such third party sites.

Downloadable Materials

Any software, including codes or other materials that are made available to download from HotelExecutive, is the copyrighted work of HotelExecutive and/or its suppliers and affiliates. If you download software from HotelExecutive, use of the software is subject to the license terms in the software license agreement that accompanies or is provided with the software. You may not download or install the software until you have read and accepted the terms of the applicable software license agreement. Without limiting the foregoing, copying or reproduction of the software to any other server or location for further reproduction or redistribution is expressly prohibited unless otherwise provided for in the applicable software license agreement in the case of software, or the express written consent of HotelExecutive in the case of codes or other downloadable materials.

Limited Access

Except as otherwise expressly permitted by HotelExecutive, any access or attempt to access other areas of HotelExecutive computer system or other information contained on the system for any purposes is strictly prohibited. You agree that you will not use any robot, spider, other automatic device, or manual process to "screen scrape," monitor, "mine," or copy the Web pages on HotelExecutive or the Content contained therein without HotelExecutive's prior, express, and written permission. You will not spam or send unsolicited e-mail to any other user of HotelExecutive for any reason. You agree that you will not use any device, software or routine to interfere or attempt to interfere with the proper working of HotelExecutive. You agree that you will not take any action that imposes an unreasonable or disproportionately large load on HotelExecutive's infrastructure.

Additional Use Restrictions

You shall not post, transmit, e-mail, re-transmit or store material on or through any of the services provided by HotelExecutive (the "Services") which, in the sole judgment of HotelExecutive: (i) is in violation of any local, state, federal or non-United States law or regulation, (ii) is threatening, obscene, indecent, defamatory or that otherwise could adversely affect any individual, group or entity (collectively, "Persons") or (iii) violates the rights of any person, including rights protected by copyright, trade secret, patent or other intellectual property or similar laws or regulations including, but not limited to, the installation or distribution of "pirated" or other unauthorized photos or software products that are not appropriately licensed for use by you. You shall be responsible for determining what laws or regulations are applicable to its use of the Services. In addition, you may only use the Services in a manner that, in HotelExecutive's sole judgment, is consistent with the purposes of such Services. If you are unsure of whether any contemplated use or action is permitted, please contact HotelExecutive at editor@HotelExecutive By way of example, and not limitation, the following uses described below of the Services are expressly prohibited:

A. upload, post, e-mail or otherwise transmit any information, data, text, software, music, sound, photographs, graphics, video, messages or other materials (collectively, "Content") that is unlawful, harmful, threatening, abusive, harassing, tortious, defamatory, vulgar, obscene, libelous, invasive of another's privacy, hateful, sexually intolerant or racially, ethnically or otherwise objectionable;

B. impersonate any person or entity, including, but not limited to, a Company official, forum leader, guide or host, or falsely state or otherwise misrepresent your affiliation with a person or entity;

C. forge headers or otherwise manipulate identifiers in order to disguise the origin of any Content transmitted through the Services or develop restricted or password-only access pages, or hidden pages or images (those not linked to from another accessible page);

D. upload, post, e-mail or otherwise transmit any Content that you do not have a right to transmit under any law or under contractual or fiduciary relationships such as inside information, proprietary and confidential information learned or disclosed as part of employment relationships or under nondisclosure agreements;

E. upload, post, e-mail or otherwise transmit any Content that infringes any patent, trademark, trade secret, copyright or other proprietary rights of any party;

F. upload, post, e-mail or otherwise transmit any unsolicited or unauthorized advertising, promotional materials, "junk mail," "spam," "chain letters," "pyramid schemes" or any other form of solicitation;

G. upload, post, e-mail or otherwise transmit any material that contains software viruses, worms or any other computer code, files or programs designed to interrupt, destroy or limit the functionality of any computer software or hardware or telecommunications equipment;

H. interfere with or disrupt the Services or servers or networks connected to the Services, or disobey any requirements, procedures, policies or regulations of networks connected to the Services;

I. intentionally or unintentionally violate any applicable local, state, national or international law, including, but not limited to, regulations promulgated by the U.S. Securities and Exchange Commission, any rules of any national or other securities exchange, including, without limitation, the New York Stock Exchange, the American Stock Exchange or the NASDAQ, and any regulations having the force of law;

J. 'stalk' or otherwise harass another user of HotelExecutive or Company employee or official;

K. promote or provide instructional information about illegal activities, promote physical harm or injury against any group or individual, or promote any act of cruelty to animals. This may include, but is not limited to, providing instructions on how to assemble bombs, grenades and other weapons, and creating "Crush" sites; and

L. effecting security breaches or disruptions of Internet communication. Security breaches include, but are not limited to, accessing data of which you are not an intended recipient or logging into a server or account that you are not expressly authorized to access.

M. advertising to, or soliciting any user of HotelExecutive to buy or sell any products or services through the unauthorized or impermissible use of the Services. You may not transmit any junk email or chain letters to other users. If you breach this Agreement and send unsolicited bulk email, instant messages or other unauthorized commercial communications of any kind through the Services, you acknowledge that you will have caused substantial harm to HotelExecutive, but that the amount of such harm would be extremely difficult to ascertain. As a reasonable estimation of such harm, you agree to pay HotelExecutive $500 for each such unsolicited email or other unauthorized commercial communication you send to each user through the Services.

2. DISCLAIMER WARRANTY

HotelExecutive, including all software, functions, materials, and information is provided "as is" without warranties of any kind, either express or implied. HotelExecutive disclaims all warranties, express or implied, including, but not limited to, warranties of non-infringement and implied warranties of merchantability, fitness for a particular purpose, non-infringement, title, merchantability of computer programs, data accuracy, system integration, and informational Content. HotelExecutive does not warrant or make any representations regarding the operation of HotelExecutive, the use, validity, accuracy or reliability of, or the results of the use of the materials on HotelExecutive or any other sites linked to HotelExecutive. The materials of HotelExecutive may be out of date, and HotelExecutive makes no commitment to update the materials at HotelExecutive. HotelExecutive does not and cannot guarantee or warrant that the files available for downloading from HotelExecutive, if any, will be free from infection, viruses, worms, Trojan horses, or other code that manifest contaminating or destructive properties. HotelExecutive does not warrant that HotelExecutive, software, materials, products, or services will be uninterrupted or error-free or that any defects in HotelExecutive, software, materials, products, or services will be corrected.

3. LIMITATION OF LIABILITY

In no event will HotelExecutive, its suppliers or other third parties mentioned at or in HotelExecutive be liable for any damages, including, without limitation direct, indirect, special, incidental, or consequential damages, damages resulting from lost profits, lost data or business interruption arising out of relating to the use, inability to use, or resulting from the use of HotelExecutive, any web sites linked to HotelExecutive, the materials, software or other information contained in any or all such sites, whether based on warranty, contracts, statutes, regulations, tort (including but not limited to, negligence) or any other legal theory and whether or not advised of the possibility of such damages. If your use of the materials or information from HotelExecutive results in the need for servicing, repair or correction of equipment or data, you assume all costs thereof.

4. REVISIONS TO THIS AGREEMENT

HotelExecutive may revise this Agreement at any time without notice by updating this posting. By using HotelExecutive you agree to be bound by any such revisions and should therefore periodically visit HotelExecutive and page to determine the then current Terms of Access and Use conditions of use to which you are bound.

5. TRANSMISSIONS

Any idea you transmit to or post on HotelExecutive by any means will be treated as non-confidential and non-proprietary and may be disseminated or used by HotelExecutive or its affiliates for any purpose whatsoever, including, but not limited to, developing and marketing products. You are prohibited from posting or transmitting to or from HotelExecutive any unlawful, threatening, libelous, defamatory, obscene, scandalous, inflammatory, pornographic, profane material or any other material, including but not limited to any material that could give rise to any civil or criminal liability under both domestic and international law.

6. YOUR WARRANTIES

You warrant to HotelExecutive that:

You are the sole owner of all rights in the materials posted or uploaded by you (including all related copyrights) or that you have the absolute right to license their use as provided in this section. While you will retain ownership of the copyright in the materials posted or uploaded by you, you agree that all materials posted or uploaded by you shall become part of a database, and that HotelExecutive will own the compilation copyright in that database. In addition, you hereby grant HotelExecutive a perpetual, worldwide, irrevocable license to use, reproduce, modify, publish, publicly perform, publically display and distribute such materials, and portions of such materials and any derivative works created from such materials, in print, electronic and other media, by any means now known or developed in the future. We may sublicense all of our rights and licenses or assign them to third parties. Neither HotelExecutive nor any third party using the materials in accordance with this section will be obligated to pay you any royalties or other compensation for use of the materials.

You will comply with these Terms of Access and Use including, without limitation, the USE RESTRICTIONS set out in Section 3 above;

You agree to indemnify and hold HotelExecutive harmless from any claim or damages (including any legal fees in relation to same) made by a third party in respect of any matter in relation to or arising from your use and/or membership arising from any breach or suspected breach of these Terms of Access and Use by you or your violation of any law or the rights of any third party.

7. ACTIONS WE MAY TAKE AT OUR SOLE DISCRETION

HotelExecutive may take any or all of the following actions at our sole discretion:

Remove any member profile (including photographs) or other material that, in our sole discretion may be inappropriate or we suspect to be illegal, subject us to liability or which may violate these Terms of Access and Use or where required to do so by law;

Issue members with verbal or written warnings and may take such further action as we deem appropriate if such warnings are not heeded;

Suspend or terminate a member's access to the members's area of HotelExecutive or a member's account without notice at any time;

Inform the appropriate authorities and provide them with information regarding any suspected illegal activity; or bring legal action against a member or other user of HotelExecutive in relation to any breach of these Terms of Access and Use or any illegal or suspected illegal activity.

8. GOOD SAMARITAN CONTENT AND COMPLAINT PROCEDURES POLICY

A. Policy

We have provided opportunities for you to contribute Content to our Site. It is our policy, however, not to allow any Content which may constitute intellectual property infringement; violations of federal, state, or local law; obscene or defamatory material, or may otherwise be unacceptable or inappropriate. Upon learning of such Content, we will attempt, and you hereby give HotelExecutive the right, to delete, edit, remove, disable, change, or restrict access to or the availability of the Content, which in our sole discretion, is otherwise unacceptable or objectionable. We may or may not notify you about what action we take with respect to the disputed Content. The provisions of this section are intended to implement this policy but are not in any way intended to impose a contractual obligation upon us to undertake, or refrain from undertaking, any particular course of conduct.

B. Complaint Procedures

If you believe that another user or other third party has posted Content which violates this policy or specifically the USE RESTRICTIONS in Section 3 above, you may notify HotelExecutive via e-mail at editor@HotelExecutive . In order to allow HotelExecutive to respond effectively, please provide HotelExecutive with as much information as possible in your correspondence, including: (1) the nature of the right infringed or violated (including any applicable registration numbers of the federally-registered intellectual property allegedly infringed), if applicable, or the unacceptable or inappropriate Content; (2) all facts which lead you to believe that a right has been violated or infringed, if applicable; (3) the precise location where the offending Content is located; (4) any grounds to believe that the party or user which posted the Content was not authorized to do so or did not have a valid defense (including the defense of fair use), if applicable; (5) if known, the identity of the party or user who posted the infringing, offending, or inappropriate Content; and (6) in the case of alleged copyright infringement claims, information sufficient to identify the work and your claims to ownership.

C. Indemnification/Waiver of Certain Rights

By contacting HotelExecutive and complaining of an alleged violation, you agree that the substance of your complaint shall constitute a representation made under the pains and penalties of perjury pursuant to the laws of the State of California. In addition, you agree, at your own expense, to defend and indemnify HotelExecutive and hold HotelExecutive harmless against all claims which may be asserted against HotelExecutive, and all losses incurred, as a result of your complaint and/or our response to it.

D. Waiver of Claims and Remedies

We expect all users of our Site to take responsibility for their own actions and cannot and do not assume liability for any acts of third parties which take place at our Site. By utilizing the Good Samaritan procedures set forth herein, you waive any and all claims or remedies which you might otherwise be able to assert against hotelexecutive under any theory of law (including, but not limited to, intellectual property laws) that arise out of or relate in any way to the content at hotelexecutive or our response, or failure to respond, to a complaint.

E. Investigation/Liability Limitation

You agree that we have the right, but not the obligation, to investigate any complaint received. By reserving this right, we do not undertake any responsibility in fact to investigate complaints or to remove, edit, disable or restrict access to or the availability of Content. We will not act on complaints that we believe, in our sole discretion, to be deficient, incomplete, or otherwise questionable. If you believe that Content remains on HotelExecutive which violates your rights, Your sole and exclusive remedy shall be against the user or other party responsible for said content, not against HotelExecutive. your sole and exclusive remedy against HotelExecutive shall be to terminate your use of HotelExecutive and service.

Digital Millennium Copyright Act Compliance. As set forth in Subsection (b), you must contact our agent if you believe that a work protected by a U.S. Copyright which you own has been posted on our Site without authorization or that our Site, in some material way, contributes to its infringement. It is our policy in appropriate circumstances, if possible, to terminate the access rights of repeat infringers and other users who use HotelExecutive in an inappropriate or objectionable manner.

9. COOPERATION WITH LAW ENFORCEMENT

HotelExecutive reserves the right to fully cooperate with any law enforcement authorities or court order requesting or directing HotelExecutive to disclose the identity or other information regarding any user or member alleged by any governmental entity to be using HotelExecutive or any Content or materials available in, at, through or in association with HotelExecutive in violation of any law or regulation, or in violation of this Agreement, including, without limitation, the posting of e-mail messages, or publishing or otherwise making available any such materials. By accepting this agreement you waive and hold harmless HotelExecutive from any claims resulting from any action by HotelExecutive during, or as a result of, its investigations, and from any actions taken as a consequence of investigations by either HotelExecutive or law enforcement authorities

10. APPLICABLE LAWS, VENUE, JURISDICTION & MANDATORY ARBITRATION

If any provision(s) of this Agreement is held by a court of competent jurisdiction to be contrary to law, then such provision(s) shall be construed, as nearly as possible, to reflect the intentions of the parties with the other provisions remaining in full force and effect. HotelExecutive's failure to exercise or enforce any right or provision of this Agreement shall not constitute a waiver of such right or provision unless acknowledged and agreed to by HotelExecutive in writing. The section titles in this Agreement are solely used for the convenience of the parties and have no legal or contractual significance. This Agreement may be assigned in whole or in part by HotelExecutive. This Agreement may not be assigned in any manner by you without the express, prior written permission of HotelExecutive.

Any and all disputes or controversies of any kind, including but not limited to any performance, duty, obligation or liability arising under or related to this Agreement which are not first resolved informally, shall be determined by binding arbitration in San Francisco, California, in accordance with the rules of the American Arbitration Association. The final award in any such arbitration proceeding shall be subject to entry as a judgment by any court or competent jurisdiction, provided that such judgment does not conflict with the terms and provisions hereof. The jurisdiction of the arbiter (or arbiters) with respect to legal matters shall be limited only by the statutory and common law of the State of California and the United States.

Notwithstanding the foregoing, any and all disputes, which the parties cannot informally resolve, regarding the scope of issues or matter with the jurisdiction of the arbitrator, shall be resolved by a separate dispute resolution process whereby HotelExecutive, in its sole discretion shall elect the dispute to be resolved by either (1) a court of competent jurisdiction in the State of California or (2) a panel of three new arbitrators.

This Agreement shall be governed by and construed in accordance with the laws of the State of California notwithstanding any conflict of laws provisions. You and HotelExecutive agree that the venue for all legal disputes, controversies, actions of any kind arising under or related to this Agreement shall be San Francisco, California. You and HotelExecutive further agree that in case of any litigation regarding this Agreement, you irrevocably and unconditionally (i) consent to submit to the exclusive jurisdiction of the state and federal courts in the County of San Francisco, California for any litigation or dispute arising out of or relating to this Agreement, (ii) agree not to commence any litigation arising out of or relating to this Agreement except in the California Courts, (iii) agree not to plead or claim that such litigation brought therein has been brought in an inconvenient forum, and (iv) agree the California Courts represent the exclusive jurisdiction for all litigation relating to this Agreement.

11. MEMBERSHIP FEES

Hotel Business Review Subscriptions

If you choose to purchase a subscription, member subscription payments can be made in U.S. Dollars, as well as a variety of international currencies. Membership terms are Annual Recurring, and Monthly Recurring. The Annual Recurring subscription is an annual commitment and subscribers will be charged each consecutive billing cycle. Annual Recurring subscriptions can be cancelled after the first billing cycle and within 30-days of the billing date for a full refund. Monthly Recurring subscriptions are ongoing and subscribers will be charged each consecutive monthly billing cycle. Monthly Recurring subscriptions can be cancelled after the first month and within 7 days of the monthly billing cycle for a full refund.

12. PAYMENT AUTHORIZATION

Payment for the services provided to you in, at, through or in association with HotelExecutive may be made by automatic credit card, debit card, direct debit, bankwire or Paypal and other approved payment means offered in, at, through or in association with HotelExecutive, and you hereby authorize HotelExecutive and its agents to transact such payments on your behalf.

You hereby authorize HotelExecutive's Internet Payment Service Provider to charge your credit card to pay for your membership to HotelExecutive. You further authorize HotelExecutive's Internet Payment Service Provider to charge your credit card for any and all purchases of products, services in association with HotelExecutive. You agree to be personally liable for all charges incurred by you in association with your access or other use of any content provided by HotelExecutive or any third party in association with HotelExecutive. You acknowledge and agree that your liability for all such charges shall continue after termination of your access or any type of membership arrangement with HotelExecutive.

In the event that you have chosen to have your membership automatically rebilled, unless and until you notify HotelExecutive that you wish to cancel or terminate your membership to HotelExecutive, you hereby agree and authorize HotelExecutive's Internet Payment Service Provider to automatically renew your membership to HotelExecutive on a continuing basis and to charge your credit card (or other payment means you have selected) to pay for the ongoing cost of your membership. You hereby further authorize HotelExecutive's Internet Payment Service Provider to charge your credit card (or other approved payment means you have selected) for any and all purchases of products, services and entertainment provided to in, at, through or in association with HotelExecutive.

13. PRIVACY POLICY

The following is the Privacy Policy for HotelExecutive

We can be reached via telephone, email, or online at our contact page. When you visit our site we do not log any information regarding your domain or email address. Information Sharing: We do not share user information with any third parties other than via press release distribution as described below.

Hotel Newswire is a newswire service that distributes press releases on behalf of our users. If you decide to submit a press release for distribution through our system we will transmit your entire press release including any personal information therein contained to our media contacts and online distribution points including search engines. This is the only redistribution of your information that we engage in. Your submission of press releases through our system indicates consent with this policy. The information we collect during your registration process is used to notify users about updates to our service and inform users of any special events hosted by Hotel Newswire. This information is not shared with other organizations for commercial or non-commercial purposes.

Cookies: Our system requires the use of cookies to enable the user to log back into our website to access information from the newswire, without having to log in each time using the required username and password.

If you do not want to receive email from us in the future, please let us know by following instructions included in our communication with you. Users who supply us with telephone numbers online may receive telephone contact from us regarding their account, or informing them of new products and services available on the HotelExecutive website. If you do not wish to receive such telephone calls, please edit your account and remove your phone number from your account profile. This can be done from your user account menu.

Ad Servers: We do not partner with or have any relationship with any ad server companies. From time to time, we may use customer information for new uses not previously disclosed in our privacy notice. If our information practices change at any time, we will post the policy changes to our website to notify you of these changes and provide you with the ability to opt out of these new uses. If you are concerned about how your information is used, you should check back at our website periodically.

Upon request we provide site visitors with access to all information (including proprietary information) that we maintain about them. Users can access this information by logging in to their account.

Security: We always use industry-standard encryption technologies while transferring and receiving user data exchanged with our site. We have appropriate security measures in place in our physical facilities to protect against the loss, misuse, or alteration of information that we have collected from you on our site. We do not store credit card information in our systems.

If you feel that this site is not following its stated information policy, you may contact us.

Receive our Newsletter

Three Main Areas Leaders Can Improve Remote Work Policies

By Lacey Leone Mclaughlin, Executive & Leadership Coach, LLM Consulting Group

COVID-19 changed everything. We all learned that sometimes you must travel with a mask. In the office, how we work dramatically changed. Zoom was just another business software before COVID-19. Today, it’s a verb. Entire etiquette has emerged around how to behave on a Zoom call. For workers and leaders, the office is still changing. Some people are back to the office. Others are working half at the office and half at home. COVID-19 created a whole new world for business leaders, team members, and everyone else in an organization.Those changes are still manifesting throughout the travel and hospitality sector....

Keeping Infostealers from Checking-In

By Erik Eisen, CEO, CTI Technical Services

As cyber threats evolve, a new wave of malware is gaining traction in the criminal underground: infostealers. These potent data-harvesting tools are becoming a go-to choice for threat actors because of their ability to quickly and effectively siphon sensitive information—everything from banking credentials to email passwords—to sell on the dark web, fueling identity theft, financial fraud, and even corporate espionage. The use of infostealers has skyrocketed in recent ransomware campaigns, often serving as a reconnaissance tool. Attackers use infostealers to gather login credentials, allowing them to move laterally across networks, escalate privileges, and tailor their attacks to inflict maximum damage...

The 'Revenue Sleuth': Unmasking Revenue Maximization Tactics

By Connor Vanderholm, CEO, Topline Revenue LLC

Rate Shopping: The Foundation of Competitive Intelligence Rate shopping forms the bedrock of any revenue sleuth’s strategy. By continuously monitoring competitor rates, savvy revenue managers can dynamically adjust their prices to stay ahead. The goal is not just to match or undercut competitors but to strategically position your property in the market. Advanced rate shopping tools provide real-time data on competitor pricing, allowing revenue managers to make informed decisions. For example, if a competitor slashes rates for an upcoming weekend, a knowledgeable revenue manager might hold steady, anticipating that last-minute bookers will perceive higher value in their property. This nuanced...

Collaboration and Information Sharing: Strengthening The Hotel Industry's Cyber Defense

By Suzie Squier, President, Retail & Hospitality ISAC

The hospitality industry is known to be vulnerable to cyber threats. Thanks to a wealth of connected devices, such as check-in kiosks and digital keycards, hotels are blinking beacons of sensitive data, practically calling out to attackers. Worse, hotels can be seen as easy prey in the eyes of bad actors because many hotel chains operate on a franchise model, therefore corporate enterprises may not have control over the cybersecurity practices of their franchisee locations, especially in remote or rural areas, where modern cybersecurity standards can be prohibitively expensive or resource-intensive. If hotel executives want to strengthen their...

Digital Strategy for the Post-Pandemic Hospitality Industry

By Derek Chew, CEO, Fullmoon Digital Marketing

The hospitality industry is facing a challenging road to recovery that may span years. A profound shift has occurred, and the pace of recovery is gradual. Hospitality businesses that weathered the pandemic are now in a bit of a scramble, trying to figure out what the "new normal" looks like. Yet, adapting to this unfamiliar territory presents fresh challenges, testing the resilience of businesses unprepared for such transformative changes. Businesses need to double-down on their effort to stay relevant; "no rest for the weary" as the saying goes. Hospitality businesses seem ready to embrace changes in a dynamic environment...

Embracing Family and Employee-Ownership: The Eureka Casinos Story

By Andre Carrier, President & CEO, Eureka Casinos

When Eureka Casinos became the first 100% employee-owned hospitality company in the U.S. in 2016, the move was much more than simply a business strategy. Our company was founded in 1997 by our Chairman, Greg Lee, and his family. The decision to sell the company to our employees reflected a deeper philosophy — a way of life that today permeates every facet of our company. It’s a testament to the power of family, shared purpose, and the potential within each individual. Our journey toward employee ownership began when Greg and I made a startling observation. The traditional...

Crushing the Competition: Driving More Share to Your Hotel

By Theresa Hajko, Regional Director of Revenue Management, Spire Hospitality

In our fluid industry where it seems like a new hotel is opening on every corner and we are competing with short term rentals for business, hoteliers must become savvier about growing share. While there are an infinite number of ways to achieve this some of the tried-and-true measures still hold up with a few new ones in the mix. Let's take a closer look at just a few that stand out and a few more that have stood the test of time. Service and Cleanliness are EVERYTHING They always have been and always will be. It would...

Creating An Effective Work Culture

By Jeff Brainard, President, JJB Leadership Solutions, LLC

As businesses and industries move further and further away from the economic and social impact of the COVID-19 pandemic and the restrictions, rule changes, and impact on workforce associated with the pandemic dissipate, the importance of workplace culture is reemerging in conversation. Several have defined workplace culture as “The personality of an organization from the employee perspective.” Understanding how to build an effective culture is essential to organizational success and if we use this definition, ensuring that culture is aligned with employees as intended is critical to success in all business, but especially in hospitality. Gallup breaks down...

Hospitality's Next Frontier: Daypass and Nightlife Market Expansion

By Shawn Tarter, CEO & Founder, RealTime Reservation

The hotel industry is entering a new era. Modern travelers and local guests are no longer satisfied with just a bed for the night, they’re looking for flexible, engaging, and meaningful experiences. This shift in expectations has created an opportunity for properties to rethink how they operate and what they offer. Day passes and nightlife experiences are now two of the most exciting areas for innovation and growth. At its core, hospitality is about creating memorable moments. That mission is expanding beyond overnight stays to include short-term access to property amenities and curated evening events. As guest demands change, properties...

Technological Renaissance: How Innovation is Reshaping The Future of Hospitality

By Chintan Dadhich, Complex General Manager, Conrad New York Downtown & Tempo by Hilton Times Square

In an era defined by digital transformation, the hospitality industry stands at the forefront of a technological renaissance. What was once an industry steeped in tradition and human-centered service is now embracing innovation at an unprecedented pace. This evolution isn’t merely about implementing new gadgets or software—it represents a fundamental reimagining of how hotels operate and interact with guests. The Driving Forces of Hospitality Innovation The hospitality sector’s accelerated adoption of technology stems from several converging factors. Today’s travelers arrive with heightened expectations shaped by their tech-enabled daily lives. They anticipate the same convenience, personalization, and immediacy...

HOTEL BUSINESS REVIEW DECEMBER FOCUS: Hotel Law

Not-So-Suite Cybersecurity Concerns in the Hospitality Industry

By Julia Kadish Associate, Sheppard, Mullin, Richter & Hampton | December 2023

Terms & Conditions

Receive our Newsletter

HOTEL BUSINESS REVIEW
DECEMBER FOCUS: Hotel Law