Cybersecurity and digital threats were a hot topic at ALIS Law, a conference for hotel owners and operators, in Los Angeles last month. I had a pleasure of moderating a session on “threats in a digital world” with senior executives from national hotel management and ownership groups. In our session, we discussed what were some of the pressing and most concerning digital threats that kept the hospitality industry up at night. Here are some highlights and take-aways from the session:
- Cybersecurity and hacks from foreign and domestic threats remain a top concern. Many hotels have been engaging in surveillance as one method of cyber protection. It was noted how much the investment in technology to prevent, address, and respond to cybersecurity issues has increased for both owners and operators. While owners may bear the cost on their profit & loss statement, and management companies are putting in policies, owners are adding property specific monitoring. It was discussed that one global hotel company, Hyatt Hotels, recently announced a bug bounty program whereby they will be paying ethical hackers to monitor their systems, including mobile applications, for potential risks and where credible risks or threats are found – the hackers will be compensated – which is a novel approach in the hospitality industry.
- While cybersecurity threats have been a focus, one repeated concern is the threat of harm to a hotel’s reputation due to guests and third parties spreading false information on social media sites, such as LinkedIn, Yelp, and Trip Advisor. To address these concerns, hotel operators talk with their teams daily about the consequences of false information or a bad review and take steps to remove false reviews if possible. Others noted that removing a false review from a site like Trip Advisor can be challenging unless the company is able to prove that the review was posted for criminal reasons or demonstratively false.
- One consequence of a cybersecurity hack beyond the disclosure of guest information is if a hacker was able to secure personal identifiable information of a hotel company’s investors and borrowers. If investors are concerned that a hotel company is not protecting their highly confidential and personal financial information, that would have a significant impact on the reputational harm to the company.
- Some of the best practices that owner and operators have put into place is an incident response plan to respond to a threat. In doing so, a key question is who you need at the table to decide how to move forward (IT / GC / PR / Owner) and what elements do you need to put into place. In addition, implementing policies and procedures on the front end is critical. For example, from an accounting perspective, having controls in place that can protect where the money is going and where it is coming from and ensuring that there are multiple approvals before money is sent out electronically. Finally, training staff on the policies and procedures so that the right people are getting the right information. Managers need to judge and reward staff for compliance with the policies because while a company continue to monitor and audit, training is only effective if compliance is monitored. For example, one company reported conducting more secret shoppers to determine whether someone can drop a flash drive into a front desk computer to tap into the network.
Unfortunately, cybersecurity risks and threats are not going away anytime soon, but with planning and focus on this important issue, hotel owners and operators can get ahead of some of the threats and take control and strong action if a risk materializes.
Join Conn Maciel Carey Labor & Employment Practice Group partner, Mark Trapp, on November 14, 2018 when he presents an interactive workshop to help unionized employers understand and analyze what is often the most critical challenge facing their business – multiemployer pension withdrawal liability. Attendees will learn innovative and aggressive techniques and strategies to address this issue and proactively secure the future of their company.
This workshop will also discuss the current legislative environment for multiemployer pension plans and issues, particularly the work of the Joint Select Committee on Solvency of Multiemployer Pension Plans, charged with preparing a report and recommended legislative language by November 30 to “significantly improve the solvency” of multiemployer pension plans and the Pension Benefit Guaranty Corporation.
Workshop attendees will:
Gain a broad understanding of the challenges facing employers who participate in a multiemployer pension plan
Discover strategies for assessing and minimizing their withdrawal liability risks through collective bargaining and business planning
Examine the status and possibility of legislative relief from the Joint Select Committee on Solvency of Multiemployer Pension Plans
Click here to register.
On Thursday, October 25, 2018, at 1 pm EDT, join Kara M. Maciel and Andrew J. Sommer of Conn Maciel Carey’s national Labor & Employment Practice Group for a complimentary webinar: “A Business Primer on Disability Access Laws: Preventive Tools and Defense Strategies“
Businesses continue to be plagued by litigation under the Americans with Disabilities, Title III (ADA) over alleged access barriers. Lawsuits against hotels and retailers, among other public accommodations, appear to be on the rise with a disproportionate share in California.
This webinar will provide an overview of ADA, Title III standards as they apply to construction existing before the enactment of the ADA in 1992 as well as to subsequent new construction and alterations. The webinar will also address Continue reading
It has been about a year since the #MeToo movement went viral, spreading greater awareness about sexual misconduct and harassment, and, more generally, the role of women, in the workplace. So, where are we now, and has anything changed? Was it just an awareness movement? Or, have things actually started to shift in the legal landscape with respect to the way employers are required to handle sexual misconduct and harassment? And what about with the way women are represented at work? Even if #MeToo may have started out as an awareness movement, states like New York and California are implementing changes in the law that are now imposing, or will soon impose, new requirements on employers, in hopes of giving #MeToo a significant, lasting effect. So, what should employers in New York and California do now? And, given that these states are often at the forefront of labor and employment issues, how should employers outside New York and California prepare in case new laws are passed in their states?
New York’s New Anti-Sexual Harassment Laws
On April 12, 2018, New York Governor Andrew Cuomo signed into law the 2019 New York State Budget, updating the state’s sexual harassment laws. Among other changes, there are two key components under these laws. First, every employer in New York must establish a sexual harassment prevention policy. These policies should have already been adopted and provided to all employees by October 9, 2018. The New York Department of Labor and New York Division of Human Rights have established a model sexual harassment prevention policy for employers to adopt. But employers are not required to use this model, so long as their policy meets or exceeds the minimum standards of the model and set forth in the laws. Employers must distribute the policy to all employees in writing or electronically, and must ensure that all future employees receive the policy before they start work. Additionally, employers are encouraged to post a copy where employees can easily access it.
With the rise of the #MeToo movement, there have been a number of responses from both employers and state legislatures to address workplace harassment. As discussed during the EEOC Special Task Force Meeting on June 11, 2018, several state legislatures are taking proactive steps to combat workplace sexual harassment. For example, on May 15, 2018, Maryland Governor Larry Hogan signed and ratified the Maryland Disclosing Sexual Harassment in the Workplace Act of 2018 – which passed the Maryland House (46-0) and Senate (136-1) with almost unanimous support.
The Act, which goes into effect on Continue reading
On Wednesday, the Office of Information and Regulatory Affairs released the Trump Administration’s Unified Regulatory and Deregulatory Actions (Agenda). This Agenda lays out the short-term and long-term regulatory and, pursuant to the Trump Administration’s focus on rolling back regulation, deregulatory priorities for all the different Federal Government Agencies, including the National Labor Relations Board (“NLRB”), Department of Labor (“DOL”), and Equal Employment Opportunity Commission (“EEOC”). Specifically, the Agenda identifies and briefly explains the rulemaking activities in which each Agency plans to engage over the remainder of 2018 and into the next year. Below, we have highlighted the major initiatives the NLRB has taken and intends to undertake as outlined in this Agenda. We will address highlights from the Agenda for the DOL and EEOC in Part Two of this post.
NLRB’s Intent to Establish Joint-Employer Standard
One of the initiatives that came as a surprise to many when it appeared in the Spring 2018 Agenda is a rulemaking to establish a standard to assess joint-employer status. This rulemaking has been initiated by the NLRB and is currently on the Long-term Actions list. Although agencies usually include items on the Long-term Actions list that they do not plan to act on within the next year, the press release issued by the NLRB in conjunction with the Spring 2018 Agenda indicates an intent to move on this rulemaking promptly. In the press release, Chairman John F. Ring states, “In my view, notice-and-comment rulemaking offers the best vehicle to fully consider all views on what the [joint-employer] standard ought to be. I am committed to working with my colleagues to issue a proposed rule as soon as possible…” (emphasis added). The press release also reveals that certain members of the NLRB – Chairman Ring and Members Emanuel and Kaplan – have already begun the internal process required to consider rulemaking on the standard. Continue reading