Every business is obligated to protect their customers from identity theft but unfortunately, data breaches have become all too common. In an effort to protect a guest's right to privacy and to safeguard their personal data, the European Union passed a General Data Protection Regulation (GDPR) that could hold hotels legally liable for any breaches that expose a customer's sensitive personal information. Though the GDPR only pertains to EU citizens' data, any international business that mishandles their data can be legally responsible. Another legal issue of concern is the fight involving hotel "resort fees." Several states attorney generals have recently filed suit against two major hotel chains in an effort to litigate this practice. Their suit alleges that these companies are "engaged in deceptive and misleading pricing practices and their failure to disclose fees is in violation of consumer protection laws." The suit seeks to force the hotel chains to advertise the true price of their hotel rooms. There are several other legal issues that the industry is being forced to address. Sexual harassment prevention in the workplace is still top of mind for hotel employers-particularly in New York and California, which now statutorily require harassment training. Hotels and motels in California will also soon be required to train all their employees on human trafficking awareness. Immigration issues are also of major concern to hotel employers, especially in the midst of a severe labor shortage. The government is issuing fewer H2B visas for low-skilled workers, as well as J-1 visas for temporary workers. Though there is little hope for any comprehensive immigration reform, hotel lobbying groups are actively seeking legal remedies to alleviate this problem. These are just a few of the critical issues that the December issue of the Hotel Business Review will examine in the area of hotel law.