Digital Threats Continue to Confront the Hospitality Industry

shutterstock_217014265Cybersecurity and digital threats were a hot topic at ALIS Law, a conference for hotel owners and operators, in Los Angeles last month.  I had a pleasure of moderating a session on “threats in a digital world” with senior executives from national hotel management and ownership groups.  In our session, we discussed what were some of the pressing and most concerning digital threats that kept the hospitality industry up at night.  Here are some highlights and take-aways from the session:

  • Cybersecurity and hacks from foreign and domestic threats remain a top concern. Many hotels have been engaging in surveillance as one method of cyber protection.  It was noted how much the investment in technology to prevent, address, and respond to cybersecurity issues has increased for both owners and operators.  While owners may bear the cost on their profit & loss statement, and management companies are putting in policies, owners are adding property specific monitoring.  It was discussed that one global hotel company, Hyatt Hotels, recently announced a bug bounty program whereby they will be paying ethical hackers to monitor their systems, including mobile applications, for potential risks and where credible risks or threats are found – the hackers will be compensated – which is a novel approach in the hospitality industry.
  • While cybersecurity threats have been a focus, one repeated concern is the threat of harm to a hotel’s reputation due to guests and third parties spreading false information on social media sites, such as LinkedIn, Yelp, and Trip Advisor. To address these concerns, hotel operators talk with their teams daily about the consequences of false information or a bad review and take steps to remove false reviews if possible.  Others noted that removing a false review from a site like Trip Advisor can be challenging unless the company is able to prove that the review was posted for criminal reasons or demonstratively false.
  • One consequence of a cybersecurity hack beyond the disclosure of guest information is if a hacker was able to secure personal identifiable information of a hotel company’s investors and borrowers. If investors are concerned that a hotel company is not protecting their highly confidential and personal financial information, that would have a significant impact on the reputational harm to the company.
  • Some of the best practices that owner and operators have put into place is an incident response plan to respond to a threat. In doing so, a key question is who you need at the table to decide how to move forward (IT / GC / PR / Owner) and what elements do you need to put into place.  In addition, implementing policies and procedures on the front end is critical.  For example, from an accounting perspective, having controls in place that can protect where the money is going and where it is coming from and ensuring that there are multiple approvals before money is sent out electronically.  Finally, training staff on the policies and procedures so that the right people are getting the right information.  Managers need to judge and reward staff for compliance with the policies because while a company continue to monitor and audit, training is only effective if compliance is monitored.  For example, one company reported conducting more secret shoppers to determine whether someone can drop a flash drive into a front desk computer to tap into the network.

Unfortunately, cybersecurity risks and threats are not going away anytime soon, but with planning and focus on this important issue, hotel owners and operators can get ahead of some of the threats and take control and strong action if a risk materializes.

California Employment Law Update for 2019 

By: Andrew J. Sommershutterstock_150165167

In the final days of California’s 2018 legislative session, and the end of his term, Governor Jerry Brown has signed into law a variety of employment bills, including a flurry of new legislation seeking to bolster the state’s workplace harassment laws in the aftermath of the #MeToo movement.  Conn Maciel Carey LLP provides this summary of key new employment laws impacting California private sector employers.  Unless otherwise indicated, these new laws just took effect on January 1, 2019.

#MeToo Legislation

Expanded Anti-Harassment Training Requirements

Existing law requires that employers with 50 or more employees provide at least two hours of sexual harassment training to all supervisory employees within six months of the individuals becoming supervisors, and at least once every two years thereafter.  Covered employers must provide classroom or other effective interactive training that incorporates the topics of sexual harassment and abusive conduct as well as harassment based on gender identity and expression and sexual orientation.

Senate Bill (SB) 1343 broadly expands the harassment training requirements to small employers and for the first time requires training of non-supervisory employees.

Continue reading

Going Through Withdrawal – Strategies for Minimizing Your Multiemployer Pension Withdrawal Liability, Protecting Your Assets and Saving Your Business

Join Conn Maciel Carey Labor & Employment Practice Group partner, Mark Trapp, on November 14, 2018 when he presents an interactive workshop to help unionized employers understand and analyze what is often the most critical challenge facing their business – multiemployer pension withdrawal liability.  Attendees will learn innovative and aggressive techniques and strategies to address this issue and proactively secure the future of their company. Increasing Money Graph

This workshop will also discuss the current legislative environment for multiemployer pension plans and issues, particularly the work of the Joint Select Committee on Solvency of Multiemployer Pension Plans, charged with preparing a report and recommended legislative language by November 30 to “significantly improve the solvency” of multiemployer pension plans and the Pension Benefit Guaranty Corporation.

Workshop attendees will:

  • Gain a broad understanding of the challenges facing employers who participate in a multiemployer pension plan

  • Discover strategies for assessing and minimizing their withdrawal liability risks through collective bargaining and business planning

  • Examine the status and possibility of legislative relief from the Joint Select Committee on Solvency of Multiemployer Pension Plans

Click here to register.

[Webinar] A Business Primer on Disability Access Laws: Preventive Tools and Defense Strategies

On Thursday, October 25, 2018, at 1 pm EDT, join Kara M. Maciel and Andrew J. Sommer of Conn Maciel Carey’s national Labor & Employment Practice Group for a complimentary webinar:  “A Business Primer on Disability Access Laws:  Preventive Tools and Defense Strategies

Businesses continue to be plagued by litigation under the Americans with Disabilities, Title III (ADA) over alleged access barriers.  Lawsuits against hotels and retailers, among other public accommodations, appear to be on the rise with a disproportionate share in California.

Disability Webinar

This webinar will provide an overview of ADA, Title III standards as they apply to construction existing before the enactment of the ADA in 1992 as well as to subsequent new construction and alterations.  The webinar will also address Continue reading

Lasting Effects of the #MeToo Movement

It has been about a year since the #MeToo movement went viral, spreading greater awareness about sexual misconduct and harassment, and, more generally, the role of women, in the workplace.  So, where are we now, and has anything changed?  Was it just an awareness movement?  Or, have things actually started to shift in the legal landscape with respect to the way employers are required to handle sexual misconduct and harassment?  And what about with the way women are represented at work?  Even if #MeToo may have started out as an awareness movement, states like New York and California are implementing changes in the law that are now imposing, orshutterstock_me too will soon impose, new requirements on employers, in hopes of giving #MeToo a significant, lasting effect.  So, what should employers in New York and California do now?  And, given that these states are often at the forefront of labor and employment issues, how should employers outside New York and California prepare in case new laws are passed in their states?

New York’s New Anti-Sexual Harassment Laws

On April 12, 2018, New York Governor Andrew Cuomo signed into law the 2019 New York State Budget, updating the state’s sexual harassment laws.  Among other changes, there are two key components under these laws.  First, every employer in New York must establish a sexual harassment prevention policy.  These policies should have already been adopted and provided to all employees by October 9, 2018.  The New York Department of Labor and New York Division of Human Rights have established a model sexual harassment prevention policy for employers to adopt.  But employers are not required to use this model, so long as their policy meets or exceeds the minimum standards of the model and set forth in the laws.  Employers must distribute the policy to all employees in writing or electronically, and must ensure that all future employees receive the policy before they start work.  Additionally, employers are encouraged to post a copy where employees can easily access it.

Continue reading

Novel Legislation: Maryland’s Disclosing Sexual Harassment in the Workplace Act of 2018

harassmentWith the rise of the #MeToo movement, there have been a number of responses from both employers and state legislatures to address workplace harassment.  As discussed during the EEOC Special Task Force Meeting on June 11, 2018, several state legislatures are taking proactive steps to combat workplace sexual harassment.  For example, on May 15, 2018, Maryland Governor Larry Hogan signed and ratified the Maryland Disclosing Sexual Harassment in the Workplace Act of 2018 – which passed the Maryland House (46-0) and Senate (136-1) with almost unanimous support.

The Act, which goes into effect on Continue reading

Highlights of the Spring 2018 Regulatory Agenda – Part 1: Initiatives of the NLRB

Spring 2018 Regulatory AgendaOn Wednesday, the Office of Information and Regulatory Affairs released the Trump Administration’s Unified Regulatory and Deregulatory Actions (Agenda).  This Agenda lays out the short-term and long-term regulatory and, pursuant to the Trump Administration’s focus on rolling back regulation, deregulatory priorities for all the different Federal Government Agencies, including the National Labor Relations Board (“NLRB”), Department of Labor (“DOL”), and Equal Employment Opportunity Commission (“EEOC”).  Specifically, the Agenda identifies and briefly explains the rulemaking activities in which each Agency plans to engage over the remainder of 2018 and into the next year.  Below, we have highlighted the major initiatives the NLRB has taken and intends to undertake as outlined in this Agenda.  We will address highlights from the Agenda for the DOL and EEOC in Part Two of this post.

NLRB’s Intent to Establish Joint-Employer Standard

One of the initiatives that came as a surprise to many when it appeared in the Spring 2018 Agenda is a rulemaking to establish a standard to assess joint-employer status.  This rulemaking has been initiated by the NLRB and is currently on the Long-term Actions list.  Although agencies usually include items on the Long-term Actions list that they do not plan to act on within the next year, the press release issued by the NLRB in conjunction with the Spring 2018 Agenda indicates an intent to move on this rulemaking promptly.  In the press release, Chairman John F. Ring states, “In my view, notice-and-comment rulemaking offers the best vehicle to fully consider all views on what the [joint-employer] standard ought to be.  I am committed to working with my colleagues to issue a proposed rule as soon as possible…” (emphasis added).  The press release also reveals that certain members of the NLRB – Chairman Ring and Members Emanuel and Kaplan – have already begun the internal process required to consider rulemaking on the standard. Continue reading