Avoiding Hotel Data Breaches With a Risk Assessment Audit™ – Lessons From the Marriott International “Glitch”
December 3, 2018 10:42am
By Jim Butler and the Global Hospitality Group®
Hotel Lawyers | Authors of www.HotelLawBlog.com
December 3, 2018
Data breaches are back in the news, and this time, it’s a well-known hotel industry player: Marriott International. The company announced today that unauthorized access to their systems going back several years has exposed the names and other personal details of over 500 million guests. For hoteliers, this situation can be avoided by using the Global Hospitality Group® Risk Assessment Audit™, a comprehensive tool that combines your internal resources with our expertise in analyzing your risk profile, both for compliance purposes and to create effective data security strategies.
Bob Braun, senior member of JMBM’s Global Hospitality Group® and Co-Chair of the Firm’s Cybersecurity & Privacy Group, sums up what Marriott is facing and what lessons other hotels can learn from this incident, below.
Not a Good Day for Marriott
by Bob Braun
It’s unlikely that anyone in the hospitality industry – perhaps anyone who watches the news – hasn’t heard about the data breach at Marriott. Marriott’s pre-eminent position in the hotel industry, and the very size of the breach, with an estimated 500 million individuals impacted (putting it second behind the Yahoo breach) make this noteworthy.
While some of the information is available, most of the details have yet to be filled in. However, there are some key takeaways that every hotel owner, operator and brand should consider:
This breach comes at particularly sensitive time, as privacy laws in the United States and abroad are becoming increasingly strict. Marriott will have to report and consider its obligations not only under United States laws – which are fragmented, and will include virtually every state, as well as the federal government – but also the impact of the European Union General Data Privacy Regulation, which itself is enforced by a variety of data regulators. Beyond this, other countries – ranging from India to Canada to China and Russia – have varying regulatory schemes which Marriott must address.
What Do Hoteliers Need to Do?
The Marriott data breach, however it ultimately plays out, should be a wake-up call for the hospitality industry. Owners, operators and brands need to create effective and comprehensive policies, procedures and systems to address an increasingly dangerous data environment. Existing processes – often a patchwork of uncoordinated documents – simply will not work in today’s new environment, which demands attention not only to the ever-increasing sophistication of hackers, but also the adoption of new laws and regulations that impose greater responsibility, and impose greater potential liability, on the collection, retention and use of personal information.
The JMBM Global Hospitality Group has joined with the JMBM Cybersecurity and Privacy Group to offer a Risk Assessment Audit™ and cybersecurity protocols geared specifically to the hotel industry. The Risk Assessment Audit™ is a comprehensive tool that joins together your internal resources (including information technology, information security and corporate governance) with our expertise in analyzing your risk profile to create an inclusive suite of findings, recommendations and strategy, both for compliance purposes and to create effective data security practices. For more information, contact Bob Braun at 310-785-5331 or firstname.lastname@example.org.
Bob Braun is a Senior Member of JMBM’s Global Hospitality Group® and is Co-Chair of the Firm’s Cybersecurity & Privacy Group. Bob has more than 20 years experience in representing hotel owners and developers in their contracts, relationships and disputes with hotel managers, licensors, franchisors and brands, and has negotiated hundreds of hotel management and franchise agreements. His practice includes experience with virtually every significant hotel brand and manager. Bob also advises clients on condo hotel securities issues and many transactional matters, including entity formation, financing, and joint ventures, and works with companies on their data technology, privacy and security matters. These include software licensing, cloud computing, e-commerce, data processing and outsourcing agreements for the hospitality industry.
In addition, Bob is a frequent lecturer as an expert in technology, privacy and data security issues, and is one of only two attorneys in the 2015 listing of SuperLawyers to be recognized for expertise in Information Technology. Bob is on the Advisory Board of the Information Systems Security Association, Los Angeles chapter, and a member of the International Association of Privacy Professionals. Contact Bob Braun at 310.785.5331 or email@example.com
This is Jim Butler, author of www.HotelLawBlog.com and hotel lawyer, signing off. Please contact us if you would like to discuss any issues or development that affect your hotel interests. We would like to see if our experience might help you create value or avoid unnecessary pitfalls. Who’s your hotel lawyer?
Tags: jim butler,
global hospitality group,
hotel law blog,
hotel data breaches
Jim Butler is a founding partner of JMBM and JMBM’s Global Hospitality Group® which provides business and legal advice to hotel owners, developers and investors. This advice covers hotel purchase, sale, development, financing, franchise, management, labor & employment, litigation, ADA, IP, EB-5 matters any many other areas.
Jim is recognized as one of the top hotel lawyers in the world and has led the Global Hospitality Group® in more than $71 billion of hotel transactions and more than 3,800 hotel properties located around the globe.
Jim’s group has advised on more than 100 EB-5 projects, closed more than $1.5 billion of EB-5 financing, and sourced more than half of that for our clients.
Contact Jim at +1-310.201-3526 or JButler@jmbm.com
JMBM’s Global Hospitality Chairman Jim Butler Will Speak About Hotel Investment at 2019 Institutional Real Estate Forum
The 2019 LIIC Top Ten — Hotel Real Estate: Mostly Sunny Days Clouded by Labor Issues
JMBM’s Global Hospitality Group® to Host the 29th Annual Meet the Money® National Hotel Finance and Investment Conference May 6-8, 2019 in Los Angeles
Why Retail Owners Are Partnering With Hotels
Hotel Lawyer: Brand Franchise Owners Ask “What Happened to My Area of Protection?”
Marriott Provides Update on Starwood Database Security Incident
Will Marriott Data Breach Herald the Death of Personalization?
Data Security in Hospitality: Risks and Best Practices
Marriott Inherits a Mess of Historical Proportions
JMBM Announces Sale of Marriott Warner Center Woodland Hills
U.S. News & World Report – Best Law Firms® Recognizes JMBM as 2019 “Best Law Firm”
Is GDPR Legislation Coming to U.S. Hotels?
New "Accessibility" Regulations for Electric Vehicle Charging Stations
What Do Top Hotel Executives See on the Horizon for 2018?
GDPR: What You Need to Know About the EU's New Data Privacy Rules
Hotel Lawyer Jeffrey T. Myers Joins JMBM’s Global Hospitality Group®
Proposition 65 Defense Lawyer: Is Your Hotel Ready for the New Prop 65 Regulation Deadline? / Jim Butler
The 2018 LIIC Top Ten: The Annual Survey of Lodging Investments Trends and Challenges
Who Will You See at Meet the Money?
Important News for Hospitality Executives: How the New Tax Act Could Affect Your Estate Plan
Please login or register to post a comment.