On Guard - The Shifting Landscape of Guest Privacy
By David M. Samuels, Esq., Senior Partner and Chair of the Hospitality Industry Group, Michelman & Robinson, LLP
Protecting Guest Information in the Wake of the Patel Decision
In June 2015, the U.S. Supreme Court struck down a law enacted by the City of Los Angeles that required hotel owners to comply with warrantless inspections of their guest registries upon demand by law enforcement officers. The High Court, in a 5 to 4 decision, determined that the ordinance was unconstitutional because it did not allow hotels the opportunity to challenge (via judicial review) an inspection demand. As noted by the Court, "Absent an opportunity for precompliance review, the ordinance creates an intolerable risk that searches authorized by it will exceed statutory limits, or be used as a pretext to harass hotel operators and their guest. Even if a hotel has been searched 10 times a day, every day, for three months, without any violation being found, the operator can only refuse to comply with an officer's demand to turn over the registry at his or her own peril."
This ruling represents a major shift in the landscape of hotel privacy rights because it means that not only do hotels have a privacy right in their business records, but, as "owners" of the information (i.e., names in the registry), hoteliers have an affirmative duty to protect that information.
In light of the Patel decision, managers and staff need to be trained as to how to best deal with official demands for guest information, including: requests for records, access to guest rooms, review of security camera footage, and requests to interview staff. Hotel personnel must not only understand a guest's expectation of and right to privacy, but also be trained to act in a way that shows respect to law enforcement. Hotels must walk a fine line in maintaining positive relationships with local law enforcement (who, after all, are tasked with protecting your property, staff and guests) while at the same time safeguarding guests' constitutional right to privacy.
Employees should be trained to politely inquire whether an officer is responding to an emergency situation and, if that is not the case, request a warrant or subpoena. Employees also need to be trained how to respond if the request is met with an initial lack of acceptance from the law enforcement officer. Such a circumstance can, and has, quickly escalated to an officer improperly threatening to shut the business down based on a refusal to immediately comply. Employees must be trained to calmly explain to the officer that, although the hotel is eager to cooperate with law enforcement, the hotel has a duty to safeguard guest privacy and protect the hotel's proprietary information. In some instances, it may be helpful to have the employee mention the Patel decision and explain to the officer that the hotel's hands are tied by recent Supreme Court precedent. If this does not suffice, the employee should be trained to have a manager contact the hotel's legal counsel. While the Patel case gave hoteliers solid ground upon which to refuse to turn over private guest information without a warrant, it may be some time before law enforcement becomes accustomed to having their requests rebuffed.
Satisfying Guest Privacy Expectations After the Andrews Verdict
Law enforcement is not the only source of requests for guest information that can result in adverse exposure for a hotel; average citizens frequently approach the front desk "looking for a guest." And, in 2016, the issue of how to appropriately respond to such inquiries rose to the level of front page news; the seismic event was the $55 million verdict awarded to sportscaster Erin Andrews related to the alleged improper disclosure of information (e.g., her presence as a hotel guest) that resulted in a stalker making a video recording of Ms. Andrews while she was nude in her guest room. The video had been shot through the view port from outside her guestroom door. This case sent a wake-up call to the industry, putting hoteliers (owners and operators) on notice that they must have clear policies and procedures related to guest privacy; that those policies and procedures must be reviewed, updated and fortified on a regularly basis; and that employees must be trained regularly on issues related to guest privacy, especially pertaining to the disclosure of a guest's presence in the hotel and the handling of requests for specific rooms.
In the wake of the Erin Andrews case, hoteliers must ramp up efforts to protect guest privacy. For example, hotels should have written "guest privacy" policies and procedures in place, and need to ensure that all employees receive appropriate training on those policies. These policies and procedures should address such issues as: how to handle a request for a specific room; how to address a request from one guest for another guest's room number; and how to respond to a caller (who may or may not be staying at the hotel) who asks to be connected to the room of a hotel guest. Fortunately, due to the proliferation of cell phones, in-coming calls for hotel guests on hotel land lines have diminished dramatically over the past couple of decades. Nonetheless, the most common way for anyone to find out if a person is staying in a particular hotel is to simply call the front desk and ask to be connected to that guest's room. Before the Andrews case, it was a normal part of everyday hotel operations for a caller to request to be connected to a guest's room and either be put through without a second thought, or be informed that no such guest was registered. This practice was not only considered routine, but it was viewed as basic customer service. Now, most hotels struggle to fashion effective policies that balance a guest's expectation of privacy with his or her service expectations (i.e. that if a legitimate incoming call is received by the hotel where the caller is asking for a guest by name, they will be put in touch with the guest).
The stalker's explanation of how he allegedly procured Ms. Andrews' room number put a spotlight on two additional challenging guest privacy issues: restricting access to internal hotel phones; and how to handle request for specific rooms by room number (as opposed to a request to be placed in a room next to a particular guest identified by name). Ms. Andrews' stalker claimed that he figured out her room number by accessing an "internal" hotel phone with an LCD display (such as those found at restaurant reception or hostess stands). The stalker has claimed that when the hostess was away from the stand, he simply lifted the receiver and asked the operator to connect him with Ms. Andrews' room. When the call was put through, the room number appeared on the LCD display. He then went up to the floor where her room was located, noticed that the room next door to hers was in the process of being turned, and proceeded back down to the front desk to request that adjacent room by room number.
Prior to the Andrews case, most hoteliers had given little, if any, thought to the possibility of a non-employee using an internal phone in such a fashion. And, just like the practice of routinely putting phone calls through, the practice of making every effort to honor a request for a specific room had long been considered a basic element of customer service.
Now, hotel operators and managers must take this opportunity to review their privacy practices with all personnel (not just front desk staff) to ensure guest identities and room numbers are kept confidential in all areas of the hotel. This includes training employees to be aware of the need to protect internal phones from being improperly accessed and obscuring the view of LCD displays when such phones are in use. Likewise, hoteliers need to enact policies and procedures related to handling requests for a specific room by reference to the room number.
One of the issues raised at trial by a plaintiff's expert was the lack of video surveillance in guest room hallways. Some chains employ it. Others do not because of a perception that it potentially invades the guests' privacy. Owners and operators need to revisit this issue if they are not currently employing guestroom hallway surveillance because such corridors are still considered a "public" space, even if access to guestroom floors is restricted by cardkey use in the elevator.
Savvy hoteliers will be looking to beef up their guest privacy policies, procedures and training. In order to reduce potential exposure, hotels need to "hardwire" guest privacy into their operations and organizational culture. A first step for hoteliers is to answer the question, "Do we have guest privacy policies and procedures?" Assuming the answer is "yes," then the next step must be to analyze the adequacy of those policies and procedures in light of the changes over the last few years. (Of course, if the answer is "no", then immediate action is necessary to start the process of crafting and implementing such policies and procedures.)
Part of the challenge owners and operators will face is that there is no "one-size-fits-all" solution to many of these evolving guest privacy challenges. In fact, for some of these issues, there may not be one "correct" answer. At a minimum, guest privacy policies and procedures need to address:
- Responding to law enforcement requests for access to guest-related information
- Responding to in-person and telephonic requests that can lead to the disclosure of guest information, such as:
- Requests to be placed in a room by reference to a specific room number, or by reference to another guest's name
- Telephonic requests to be connected with a guest's room
- Telephonic reservation-related inquiries pertaining to reservations under a name other than the caller
- Protecting equipment, such as computer screens and LED displays on phones, that display guest information
No set of guest privacy policies and procedures is going to be 100% foolproof in thwarting a determined and creative effort to access a guest's information. It is important to remember that the standard hoteliers are held to with respect to their operations is "reasonableness under the circumstances." By addressing these trouble spots, updating guest privacy policies and procedures, and providing regular training on these issues, a hotelier will at least have a fighting chance at demonstrating they acted reasonably. On the other hand, given that the terrain of guest privacy is constantly shifting, a hotelier who refused to make any additional effort to update operations and training relative to privacy would face a challenge in demonstrating that the hotel acted "reasonably" under the circumstances.
David M. Samuels, Esq., a senior partner and Chair of the Hospitality Industry Group at Michelman & Robinson, LLP, a national law firm, provides legal counsel and guidance to hotels, resorts, and private clubs in a variety of matters. He is a recognized authority in every facet of litigation related to personal and catastrophic injury, as well as premises liability and administrative law. He has significant expertise across an array of hospitality industry issues, including: guest safety; privacy; ADA accessibility; hotel security; common carrier liability; and property losses. Over the past 25 years, Mr. Samuels has successfully tried, mediated and arbitrated numerous complex disputes on behalf of hospitality industry clients in Southern California and across the country. Mr. Samuels, Esq. can be contacted at 310-564-2670 or firstname.lastname@example.org Please visit http://www.mrllp.com for more information. Extended Bio...
HotelExecutive.com retains the copyright to the articles published in the Hotel Business Review. Articles cannot be republished without prior written consent by HotelExecutive.com.