With so many guests on property every day, there’s always the possibility of something going wrong, so sources said hoteliers need to be aware of their liabilities and options.
REPORT FROM THE U.S.—Hoteliers aim to give their guests the best experience possible, but even with the best intentions, Murphy’s Law can apply.
Sometimes things go wrong. A guest is injured. A guest’s phone goes missing, and he or she insists he didn’t lose it off property. There’s a car accident in the parking lot.
Any of these scenarios, and many more, could lead to a lawsuit, so sources said hoteliers need to be aware of the potential legal liabilities on and around their hotels and how to handle them.
Bodily injury claims, which can range from slip-and-fall accidents to life-altering accidents, are the most common type of liability hoteliers face, said Allen Wolff, shareholder and attorney at Anderson Kill. It’s impossible to completely eliminate injury risks, he said, but a thorough risk assessment can help hoteliers identify obvious ones that can be mitigated through commercially reasonable methods.
“From a liability standpoint, risk management is always better when done prospectively rather than retrospectively,” he said.
Wolff said Risk mitigation will achieve dual benefits: The risk of a claim will not only be reduced, but in the event of a claim, the risk assessment and risk mitigation efforts taken in advance will demonstrate the hotelier’s efforts to do everything reasonable under the circumstances to make the property safe for guests.
Typical insurance products for these claims would be a commercial general liability policy, Wolff said, and such policies often have exclusions to the coverage in separate endorsements changing the coverage that is otherwise available in the policy.
“In the context of hotel operations, such exclusions could eliminate coverage for specific geographic locations or for certain kinds of activities,” he said. “Work closely with an insurance broker to be certain that the proper coverage is obtained for your property.”
Hoteliers must be vigilant in monitoring access to the property, including high-risk areas such as pools, said David Samuels, chair of Michelman & Robinson’s Hospitality Industry Group. Access to the pool should be restricted to guests with valid key cards, and the door closer and latching hardware on doors and gates should function properly, be undamaged and be out of the reach of children.
Property access controls should include daily inspections of that door hardware on exterior guest and service doors, along with checks that those doors are functional and undamaged. Hoteliers should also check to see that keycard readers or other mechanisms function properly, Samuels said.
Loss of property
Similar to bodily injury, the claims hoteliers deal with pertaining to missing, lost or stolen guest property can vary from items of smaller value up to personal information through a data breach, Wolff said. Risk assessment and mitigation measures are essential, he added.
“Hoteliers can implement hiring practices that include background checks and bonding, as appropriate, for prospective employees, especially those whose job duties include access to guest property or sensitive guest information,” he said. “Hotels should always offer secure storage for valuables that guests wish to protect from the risk of loss or theft.”
Break-ins and burglaries of guest automobiles are commonly overlooked property damage claims, Wolff said. Make sure guest parking areas are well-lit and under video surveillance, he said, and include them in hotel security’s responsibilities and patrols.
“In the event of a claim, notify law enforcement and cooperate with them,” he said. “Insurance coverage for such guest claims would typically be available under a general liability policy or a commercial crime policy.”
Although viewed through the lens of an IT security issue, data breaches still amount to theft. Sandy Garfinkel, chair of the data security and privacy group at Eckert Seamans, said sometimes breaches involve hotel reservation and management systems, which are often tied to a brand’s servers.
“These are rare, but tend to be more damaging,” he said, referencing the 2008 and 2010 breaches of Wyndham Hotel Group. “Most data breaches at hotels, though, are compromises of (point-of-sales) systems of food-and-beverage outlets by use of malware that ‘scrapes’ credit card data at some point in the transaction process.”
Hotels have a number of special problems related to data security, Garfinkel said, including high employee turnover making training difficult, inadequate security policies and practices, using credit cards as the primary form of payment and shared computer systems with outside entities such as franchisors.
While the exposures aren’t necessarily all guest-facing, he said it creates the danger of private lawsuits, including class action.
Garfinkel suggested hoteliers review and update their data security policies and train employees concerning the handling of guest data, identifying phishing emails and the secure use of hardcopy data. A data breach response plan should be prepared ahead of time, he said, and practicing it before an actual breach can help hoteliers be ready.
Hoteliers also should protect themselves in contracts they hold with those who may have access to hotel data, Garfinkel said, such as outside vendors that handle POS systems.
“Contracts should include clear language regarding compliance with legal and industry data security standards, such as PCI-DSS, and ideally should have provisions requiring the other party to indemnify the hotel in the event of an incident,” he said.
Cyber liability insurance is designed to cover exposure and loss related to data breaches, accidental loss of information, ransomware attacks and the like, he said.
Hotel-owned vehicles can also create liability issues for hoteliers, Samuels said. He urged hoteliers to ensure that only authorized employees are permitted to drive hotel vehicles and to make certain those authorized employees are subject to motor vehicle registration qualification and disqualification standards when hired and while employed. The hotel should have policies against the use of cellphones, eating and drinking while driving, he said, and require the use of seatbelts for the driver and passengers.
Drivers of vehicles with Americans with Disabilities Act accommodations should also have training on how to use the lifts and secure mobility devices in vehicles equipped to use them, Samuels said.
Samuels said food sanitation and hygiene are also common issues. The best controls for food safety include ensuring the good quality of incoming food; there’s a constant reinforcement of food storage, rotation, handling and service regulations; and personal sanitation and hygiene practices are consistently reviewed, monitored and enforced with employees.
“Not only will this prevent an issue at the property, but by having these controls in place, a hotel can more effectively establish that a guest who may have become ill did not get sick due to something at the property,” Samuels said.