Issuu on Google+

focusing on legal, safety & security solutions


e-magazine November | 2012

Obtaining Full Coverage for Your Hurricane Sandy Insurance Claim: 8 Basic Tips page 12

Table of Contents 3

Editor’s Note


2013 Hospitality Law Conference


The Devil is in the Details: Training Employees for Alcohol Service By: David Denny


Cybersecurity: Does Your Company Have Insurance for Claims Arising Out of an Alleged Data Breach?


By: Scott Godes & Kenneth Trotter


Obtaining Full Coverage for Your Hurricane Sandy Insurance Claim: 8 Basic Tips


Foreseeing Criminal Activity on Hotel Premises


Can There Be Confidentiality in the Age of Social Media?


Stretching the Limits on Flexible Work Arrangements


Frequently Asked Questions on Overtime Compliance



By: Pamela Hanz, Darin McMullen, Marshal Gilinsky

By: Maryalyce Cox

By: Jessica Collier & Scott Sweeny

By: Michael Abcarian

By: Marty Heller



Editor’s Note About brings together the hospitality industry’s legal safety and security solutions, products, and services. We strive to provide quality articles on the latest hospitality legal issues, news, trends, and best practices. Our articles are written by hotel and restaurant law experts and solution providers who have significant legal, safety and security knowledge and experience. They provide practical tips with current, insightful analysis and information.

Article Contributions

Have an interesting article that you want to contribute to the Hospitality Lawyer e-magazine? Send it over! I encourage law firms, solution providers and hospitality industry leaders to send in a copy or summary of your article idea to me directly, so we can discuss if it fits our editorial needs.

Suggestions from Readers

To ensure that we provide the best and most relevant articles to our readers, we ask you to feel free to provide I encourage you to visit our website at www. feedback or ideas on interesting topics that you like to, where you can view industry read. We will in turn, do our best to make it happen. alerts, law libraries, white papers, e-newsletters and webinars; and search for law firms, attorneys and safety and security products for hotels, restaurants and country clubs. Current industry news and updates can also be found on our social media channels. Janet Le Editor & Publisher

H L worldwide legal, safety and security solutions 2450 Louisiana, Ste. 400-416 Houston, TX 77006 Office: (713) 963-8800 Fax: (713) 627-9934

MARKETING/MAGAZINE SERVICES Janet Le Director of Marketing



EXECUTIVE EDITOR Stephen Barth ADVERTISING/SALES Elizabeth Bennett Director of Business Development and Alliances

Hospitality Lawyer e-Magazine is published monthly by, Inc. dba, 2450 Louisiana, Texas 77006, (713)-963-8800, info@hospitalitylawyer. com. Subscription rates; free to general pubic upon request.

Kris McDaniels Business Development and Marketing Strategy All editorial content is copyrighted. No article may be reproduced by any means without express, written permission from the publisher. Reprint or PDF versions of the articles are available by contacting the publisher. Statements of fact or opinion are the responsibility of the authors and do not necessarily represent the opinion of the publisher. Advertising in the publication does not imply endorsement by the publisher. The editor reserves the right to accept or reject any article or advertisement. | November 2012


February 11th February 12th - 13th Pre-Conference Workshops • Owner-Management Summit 1. New Hotel Development 2. Management Agreements 3. Hotel Investment Boot Camp • The Convergence of Risk Management, Legal Compliance and Loss Prevention • Restaurant & Hotel Corporate Counsel Only

Hospitality Law Conference • Food & Beverage Track • Human Resources & Labor Relations Track • Lodging Track


WHO SHOULD ATTEND: The conference is designed for corporate counsel, attorneys and paralegals practicing in the hospitality industry, owners, investors, developers, deal makers, management companies, operators, risk managers, security and loss prevention personnel, CFOs, comptrollers, accountants, HR and IT professionals, franchise service directors, and hospitality law faculty and students.




SAVE $200!

LEADERSHIP. PROBLEM SOLVING. VALUE CREATION. For more information on A&M’s Real Estate Advisory Services, please contact the following individuals: Chuck Bedsole Managing Director Hospitality Advisory Services +1 214 438 1014

Alvarez & Marsal Real Estate Advisory Services advises owners, investors, lenders and users of real estate — enabling clients to combat current economic-related challenges, as well as position them for future success. We recognize that hotels, resorts, timeshare, tourism and entertainment facilities are operating in a rapidly changing environment. We stand ready to provide services throughout the entire real estate lifecycle — from pre-acquisition due diligence to exit strategies, including real estate asset management. N O R T H A M E R I C A • E U R O P E • M I D D L E E A S T • A S I A • L AT I N A M E R I C A

Copyright 2012 Alvarez & Marsal Holdings, LLC. All rights reserved.

Alvarez & Marsal draws on a deep operational heritage and hands-on approach to deliver comprehensive performance improvement, turnaround management, business advisory and interim management services that produce meaningfuland lasting-results when time is of the essence. Our clients range from global enterprises to middle market companies that are both publicly held or privately owned, as well as large and mid-cap private equity firms, corporate management and hoards of directors.

The Devil is in the Details: Training Employees for Alcohol Service The service of alcoholic beverages is one of the most regulated business activities in the United States. All operators know the pain of dealing with a state licensing agency to obtain the permits necessary to begin serving alcohol. Regulation, however, does not stop with the issuance of a liquor license. You must thoroughly (and consistently) train staff to serve alcohol to your guests. To do that, you must have a written alcohol policy encouraging responsible alcohol service. In states with dram shop “safe harbor” laws, your policy should track the language of the dram shop statute so you can take full advantage of its benefits.

For example, the policy should describe the company’s stance on serving underage or visibly intoxicated guests (NO!), tips for recognizing the warning signs of intoxication, specific roles of both employees (observe the scene and report to managers in the event anything is amiss) and managers (confront guests and resolve any issues that may arise). Each employee should sign a copy of the alcohol policy, and the signed form should be kept in employee files. Even better, make the alcohol policy’s signature page a part of the employee handbook to ensure that you get the signature turned in at the same time as the handbook acknowledgement (you are doing that, right?!). It is important to remember that training on your alcohol policies does not stop after new employee orientation. Alcohol policies should be periodically revisited in manager meetings (quarterly works nicely), and a written record kept showing each time the topic is addressed. Many operators ask, “Why bother writing down everything my servers are supposed to learn in the certification course?” The answer is simple: It is for your own protection. Documentation of your policies, coupled with regular training, can be the first line of defense in a lawsuit involving the service of alcohol. Plaintiffs’ attorneys and state regulators can sink their teeth (deeply) into operators without good policies, showing that the very absence of a


Hospitality Lawyer e-Magazine | November 2012

written policy equals laziness for the sake of profit-mongering. Jason Kosmas, Beverage Director at The Village Marquee Grill & Bar in Dallas, TX and co-owner of Employees Only and Macao in New York City, notes “Observation is the key. People might come in after having a few cocktails at home, and sometime after getting to the bar those drinks hit them. You have to be OK with addressing that situation as soon as it happens. Managers have to be ready to confront the guest and get them into a cab and out of the bar. At the end of the day, the most important thing is that the guest is safe.“ Remember, though, that if you do choose to create written policies, you must enforce them. The only thing a plaintiff ’s attorney likes more than a company with no alcohol policy is one that has a policy and fails to enforce it (showing your knowledge of the risks posed by alcohol service, but an unwillingness to protect your guests for the sake of profitmongering).

David T. Denney is an attorney, licensed in both Texas and Tennessee, whose practice is devoted to hospitality clients. He can be reached through his firm’s website at The comments provided herein are for educational purposes only, and should not be construed as legal advice. Please contact an attorney with experience in the hospitality industry should you require more information.

Get your employees certified in your state effectively and efficiently. Nationwide alcohol seller server certification: TABC, Utah, BASSET, Wisconsin & more are available. Alcohol Server Training is a must for any business selling alcohol or serving alcohol. provides an online Alcohol Server Training course, powered by 360 Training, that enables your employees to complete the course on-line at their own convenient time, at their own pace. Prices vary from $25 to $35 depending upon the state in which the Alcohol Server Training is needed. To register for the Alcohol Server Training, please click here. For more information, including information on corporate rates, please contact us at 713-963-8800 or | November 2012



Does Your Company Have Insurance for Claims Arising Out of an Alleged Data Breach? Cybersecurity risks, including data breaches, are among the most significant risks facing any company in the hospitality industry that receives what may be characterized as personally identifiable information, including credit card information. When hackers, rogue current or former employees, or others steal or otherwise gain access to such personally identifiable information, the data breach may expose the company to liabilities under statutory and regulatory schemes and to third parties, resulting in significant costs to mitigate, remediate, and comply with the obligations arising out of the liabilities.

Data Breaches May Result in Two Significant Types of Claims Against the Company: • Consumer Class Actions: Consumers have filed class action lawsuits alleging, among the loss of the value of their personal information, identity theft, invasion of privacy, negligence, or contractual liability. For example, in 2011, Sony allegedly suffered various cyber attacks and data breaches, leading to multiple putative class action lawsuits against various Sony entities. See, e.g., Johns v. Sony Computer Entm’t Am. LLC, No. 3:11-cv-02063-RS, Complaint ¶ 101 (N.D. Cal. Apr. 27, 2011) (“Sony Claims”). Sony reportedly suffered a nine-figure loss as a result of the first hack. See, e.g., Alastair Stevenson, Sony Networks Hacked Post-PSN and PlayStation Store Restart, Int’l Bus. Times (June 3, 2011), available at articles/156879/20110603/sony-hack-lulzsec-securitypsn-playstation-network-hackers-security-breach-3-4. htm. • Governmental Actions: Governmental entities, such as the Federal Trade Commission (“FTC”) and state attorneys general, have aggressively pursued companies for alleged failures to maintain reasonable security measures to protect consumers’ sensitive data. In a case involving a business in the hospitality industry, the FTC alleged that a company’s failure to maintain reasonable security allowed intruders to obtain unauthorized access to the computer networks on multiple occasions. The FTC alleged that the company’s security failures led to millions in fraudulent charges on consumers’ accounts, and the export of thousands of consumers’ payment card account information to a domain registered overseas. Outside of the hospitality industry, in 2009, TJX Companies, Inc., agreed to pay $9.75 million to 41 attorneys general as part of a settlement that followed an investigation concerning the retailer’s data security practices. Press Release, Washington State Office of the Attorney General, Attorney General McKenna Calls TJX’s Data Breach a Costly Lesson (June 23, 2009), available at tjxsettlement062309.aspx. Consumer and governmental actions expose a company to significant liability if the allegations prove to be true. A company also can spend significant sums in legal expenses to defend itself against such actions even if the allegations prove to be unfounded. According to a new white paper from NetDiligence, Cyber Liability & Data Breach Insurance Claims: A Study of Actual Payouts for Covered Data Breaches (Oct. 2012), which examined 137 events that occurred between 2009 and 2011, the average costs of legal defense was $582 thousand and the average total cost per incident was $3.7 million. http://www.netdiligence. com/files/CyberClaimsStudy-2012sh.pdf.

A Company Should Carefully Consider the Types Of Insurance That May Provide Coverage, Including Payment of Defense Costs for a Data Breach A company should analyze its entire slate of insurance policies to determine in advance of any breach what coverages might apply to claims alleging a data breach. Such insurance may pay the costs of defending against such claims as well as liability due to any settlements or judgments arising out of such claims. Coverage may be available under traditional forms of insurance such as commercial crime and commercial general liability (“CGL”) policies. Regarding commercial crime policies in particular, the U.S. Court of Appeals for the Sixth Circuit found coverage under a “computer fraud” endorsement to a crime insurance policy for certain costs relating to a data breach. Retail Ventures, Inc. v. Nat’l Union Fire Ins. Co. of Pittsburgh, Pa., 691 F.3d 821 (6th Cir. 2012). Insureds, however, should not assume that their insurance companies will agree that coverage is provided by more traditional forms of insurance, such as crime and CGL policies, notwithstanding positive case law. For example, Zurich, seeking to avoid defending or indemnifying Sony against the Sony Claims, filed an action against numerous Sony entities seeking declarations that there is no coverage under various CGL policies, among other requests for rulings. See Zurich Am. Ins. Co. v. Sony Corp. of Am., No. 651982/2011, Complaint (N.Y. Sup. Ct. July 20, 2011). The matter is still pending and the outcome remains uncertain, particularly when Zurich itself previously had recognized, in at least one article, that “[t]hird-party liability policies such as Commercial General Liability (CGL) policies provide coverage to a company . . . [for] data security breaches.” Zurich, Data Security: A Growing Liability Threat (Aug. 24, 2009), zna/SiteCollectionDocuments/en/media/whitepapers/ DOCold2DataSecurity082609.pdf. | November 2012


We know these waters


Navigating Your Insurance Claim Can Be Treacherous® When it comes to property insurance claims, things get complicated fast, and it’s not always apparent at first what you’re up against. The insurance company has their own adjuster and a team of experts to scrutinize your claim. When you choose to work with Goodman-Gable-Gould/ Adjusters International, you bring the power of our experience to the process. We guide you to your best possible financial recovery.


A good solution for a company concerned about having coverage in place for loss arising out of a data breach is to purchase insurance marketed expressly for cyber-related loss. Insurance companies market such standalone policies as being specifically designed to address information risk. Many refer to such coverage as “cyber insurance.” For the purposes of this article, we will continue to refer to this solution as “cyber insurance.” Many of these policies are marketed as contemplating coverage for loss due to information risk, including data privacy and network security. A properly designed insurance solution may very well preempt a difficult explanation to senior management that, after a cyber loss, the insurance company denied coverage under other lines of insurance, even if the denial was not warranted. Cyber insurance comes in many forms and variations, including: Technology Errors and Omissions, Information Security Insurance, Network Security Insurance, Privacy Insurance, Data Breach Insurance, Network Breach Insurance, Technology Solutions, and a wide variety of trade names that seem to incorporate the term “tech,” “cyber,” or some form of “digital.” Cyber insurance is often written on forms that vary from insurer to insurer. It is critical, therefore, that those involved in the procurement


Hospitality Lawyer e-Magazine | November 2012

of such policies carefully consider the coverage afforded by the policy, limitations on such coverage, and any conditions in the policy. Some high-level and important considerations to keep in mind when considering the scope of cyber policies include (but are not limited to): • Will the policy respond to costs incurred because of liabilities that require the insured to take steps to remedy a breach of personally identifiable information, even if there is not a demand made by a claimant or governmental entity? • Will the policy address coverage for liabilities to the payment card industry? • Will the policy cover regulatory actions, such as actions brought by the FTC and state attorneys general? If so, how formal must any investigation be before the coverage may take effect? How is a covered “action” defined? Are investigatory subpoenas covered? • How broadly does the policy define “computer system” or “network” and information in the care, protection, or control of third parties, including those with written contracts and those without?

• Will the policy provide coverage for identity theft resolution services, including the costs associated with notifying individuals about the breach, credit monitoring expenses for the individuals whose information was leaked, as well as credit counseling services, credit restoration services, and even identity theft resolution services? (The optimal policy will provide such coverage even when the notification is voluntary and there is no law requiring such notification.) • Will the policy provide coverage for loss control services? (A company should consider, however, whether the coverage it purchases is contingent upon its agreeing to perform any security upgrades recommended by the loss control services company.) •

Will the policy pay for the costs of data restoration?

• Will the policy cover liabilities arising out of injuries to companies, corporations, partnerships, and other entities, as well as natural persons? • What are the geographic limitations of the policy, and will the policy apply to a data breach involving data stored outside of the company’s offices (e.g., data stored with cloud providers and other vendors that may host data outside of the United States)?

suggested that, in light of the Guidance, companies should be cognizant of the claims against a company’s directors and officers for failure to manage and insure IT risk. See Lawrence J. Trautman & Kara Altenbaumer-Price, The Board’s Responsibility for Information Technology Governance, 28 J. Marshall J. Computer & Info. L. 313, 318 (2011) (“In light of recent large cyber attacks, the SEC has issued new disclosure guidance requiring public companies to disclose cybersecurity risks that reasonable investors would consider important to investment decisions and how they address them, including whether they have cybersecurity or privacy insurance.”). Whether such claims are seen as meritorious or not, a company in the hospitality industry should be aware of and consider the Guidance, and it should have an understanding of the scope of the company’s “relevant insurance coverage” for cybersecurity and data breach risks.

Conclusion It is impossible to list in this article every issue that may arise, particularly since the coverage forms are rapidly evolving and are not standard. Consideration of the above issues, however, will substantially assist counsel and a company in assuring that the appropriate coverage is purchased for risks of and losses from a data breach.

A Company Should Be Cognizant of the Potential for Claims Against the Company, its Directors and Officers Relating to Cyber Risks and Alleged Failures to Insure Cyber Risks On October 13, 2011, the Division of Corporation Finance of the Securities and Exchange Commission (“SEC”) issued CF Disclosure Guidance: Topic No. 2, Cybersecurity, available at corpfin/guidance/cfguidance-topic2.htm. The Guidance recognizes the “increasing dependence on digital technologies” for registrants “to conduct their operations.” The Guidance suggests that registrants consider the “adequacy of their disclosure relating to cybersecurity risks and cyber incidents.” The Guidance suggests that “appropriate disclosures may include . . . Description of relevant insurance coverage.”

Scott Godes and Kenneth Berline Trotter are attorneys with Dickstein Shapiro LLP, who devote a significant portion of their practice to the representation of policyholders in complex insurance disputes with insurance companies. They may be reached at and, respectively. This information is general and educational and is not legal advice.

This recent Guidance has caught the attention of companies and commentators, including the emphasis on the disclosure of insurance coverage. Commentators have | November 2012


Photos by: Spencer Platt/Getty Images


Hospitality Lawyer e-Magazine | November 2012

Obtaining Full Coverage for Your Hurricane Sandy Insurance Claim: 8 Basic Tips As businesses assess the damage and try to recover from the massive disruptions caused by Hurricane Sandy, many are already thinking about how their insurance contracts respond. Savvy policyholders are already taking action to make sure that they obtain a full recovery under their property and flood insurance policies most of which cover not only the cost to repair physical damage, but also the profits lost due to the local and regional disruptions wrought by Sandy. Although picking up the pieces after this massive storm will be challenging, this article provides essential tips to help business policyholders maximize their Sandy-related insurance claims. 1. Look to First-Party Insurance Most businesses affected by Hurricane Sandy will look to first-party insurance policies for recovery. First-party insurance protects policyholders from losses they suffer to their own property as well as expectations of profit. These policies are often called “property” insurance policies, but first-party insurance can come in other forms, including “inland marine,” “fire,” “boiler and machinery,” “equipment breakdown” or “multiperil” policies. Of course, flood insurance obviously is another important type of first-party coverage, especially for policyholders situated near waterways that experienced storm surge during the storm. These policies and their sometimes misleading names, conditions and coverage, can create confusion and potentially cause policyholders to ignore areas of coverage that might be applicable. Therefore, regardless of name, review all of your insurance policies for potential avenues of coverage. | November 2012


2. Property Insurance Policies: Looking Beyond the “Bricks & Sticks” Most policyholders recognize that property insurance policies pay for physical loss or damage to buildings and business property machinery, equipment, inventory, raw materials as well as the property of others in the policyholder’s control. However, property insurance policies may also include additional coverage beyond physical losses. Although property damage is common following a hurricane, often the most significant losses come in the form of lost revenue and intangible monetary losses. Most commercial policyholders have coverage under their property insurance policies for such “business interruption” losses, which usually are measured as the lost revenues less non-continuing expenses during the loss period following the storm. Most commercial property insurance policies also cover extra expenses incurred due to the storm or to minimize the policyholder’s business interruption loss. Further still, many commercial property insurance policies also cover lost profits caused by, among other things: orders of civil authority (e.g., evacuations or mass transit closures) that limit access to the policyholder’s business; damage to other businesses (e.g., casinos) that attract customers to the policyholder’s business; or damage to property of customers or suppliers that adversely impact the policyholder’s business.


Hospitality Lawyer e-Magazine | November 2012

Ultimately, policyholders should look beyond the direct physical damage to property and equipment and determine what additional coverages can be tapped to maximize recovery for the full range of their losses.

3. Retain an Engineer or Consultant if There is Risk to the Structural Integrity of a Property Owned or Managed by the Policyholder Policyholders concerned that Hurricane Sandy has affected the structural integrity of the property they own or manage may want to consider speaking with an engineer or other consultant to help determine whether steps should be taken to preserve the structural integrity of that property. First-party property insurance policies generally require insurance companies to pay for measures that policyholders take to mitigate damages, including the cost of an engineer or consultant to recommend or help implement measures designed to mitigate damages as well as the actual cost of structural supports.

4. Provide Notice to Your Insurance Companies A policyholder that believes it has a potential claim should give notice to all of its insurance companies as soon as possible. In some states, late notice can create unnecessary

obstacles to an otherwise straightforward claim. While the rules determining the extent of an insurance company’s right to deny coverage on the basis of late notice vary from state to state, policyholders can avoid the danger by providing timely notice. This is one situation in which it is best to err on the side of caution. Provide notice even if you do not have a complete handle on all the particulars of a claim - you can always supplement the initial claim later as you develop more complete information about your losses. In most, if not all, cases, it may be preferable for the policyholder to instruct its insurance broker to give notice under all insurance policies that could be implicated. Finally, be mindful that your insurance policy may dictate that notice be provided in a particular way, including on a specific form, by a specific individual, and to a specific individual. Again, err on the side of caution and make an effort to follow the notice requirements to the “T.”

5. Document All Loss Items and Emergency Expenses Policyholders should put into writing all claim-related submissions, information and communications with the insurance company. Insurance companies often question, reject and contest loss items submitted by policyholders for reimbursement. Keeping complete and accurate records of loss items is vital to getting fully reimbursed for your losses. In addition, consider using video and photographic evidence to further document losses. The claims resolution process can be lengthy and tedious. Be

prepared for multiple requests for the same documentation and information. If such repeated requests bog down your claim, be aware that they can also be a sign of bad faith conduct by the insurance company. Maintaining a complete written record of your communications with the insurance company can be helpful not only in processing the claim itself, but also in any subsequent litigation that may follow.

6. Consider Tolling Agreements with Your Insurance Company Large property and business interruption losses like those caused by Sandy may well result in insurance claims that sometimes take months if not years to resolve. However, insurance policies sometimes require a policyholder to repair or replace property, file a proof of loss, and/or file a lawsuit within a relatively short period of time sometimes even if the insurance company has not completed its adjustment of the loss. Provisions limiting the time for the policyholder to provide a “proof of loss,” file suit and/or repair or replace damaged property can be and often are extended by written agreement between the policyholder and insurance company. That written agreement is referred to as a “tolling agreement,” which provides a “time out” and keeps the clock from running out on the policyholder. Accordingly, policyholders should consider whether the nature of the loss and the specific policy provisions warrant a tolling agreement. | November 2012


7. Assemble the Right Team To Prepare and Pursue Your Insurance Claim Given the substantial damage wrought by Hurricane Sandy, the insurance industry is sure to enlist an army of consultants and attorneys to evaluate Sandy-related claims. Although they are called “independent adjusters,” the personnel that insurance companies send out to process claims work for the insurance company, not the policyholder. Policyholders, especially those with significant losses, should make sure they have the right team working for them and protecting their interests. A policyholder’s internal claim team should be identified early, and the responsibilities and roles of each team member should be defined as soon as possible. Moreover, the internal claim team should have “one voice” in communications with the insurance company in order to avoid inconsistencies in the information provided to the insurance company. Policyholders should also look to various external resources in connection with the preparation and pursuit of claims. Forensic accountants, public adjusters and insurance coverage counsel all can provide valuable services to policyholders, particularly with regard to large claims and claims requiring detailed policy analysis or claim preparation.

8. Appreciate Exclusions for What They Are and What They Are Not Policyholders should pay particular attention to any water damage or “flood exclusions” contained in their policies. These exclusions can become a grey area as large as the storm itself, as insurance companies often attempt to use these provisions to exclude otherwise covered losses. For example, although damages occurring from the overflow of coastlines and rivers may be excluded as flood, rain that washes away land and causes a collapse may not constitute “flooding” and those losses are not excluded. There is no bright line rule as to whether a flood exclusion applies and it will vary depending on the unique facts of each loss and policyholders should not automatically assume, or accept, that the mere involvement of water will exclude their loss. Of course, coverage for damage directly caused by actual flooding should be covered under the policyholder’s flood insurance policies. The physical cleanup and economic recovery following Hurricane Sandy will take months if not years to complete. Although some aspects of the recovery are not within the control of those impacted by the storm’s devastation, the resolution of insurance claims need not be entirely


Hospitality Lawyer e-Magazine | November 2012

out of the policyholder’s hands. By following these tips and remaining resolute in the pursuit of their claims, commercial policyholders can efficiently and effectively obtain full recovery for their hurricane-related losses and return to business as usual.

Pamela D. Hans is managing shareholder in the Philadelphia office of Anderson Kill & Olick, P.C. Ms. Hans regularly represent policyholders in insurance coverage matters.

Darin J. McMullen is of counsel in Anderson Kill’s Philadelphia office. Mr. McMullen’s practice is concentrated in representing policyholders in the area of insurance recovery.

Marshall Gilinsky is a shareholder in the insurance recovery group in Anderson Kill’s New York office. Mr. Gilinsky practices concentrate on insurance recovery, exclusively on behalf of policyholders.

No electricity, gas or ruNNiNg water?

Make sure your guests and your profits are still safe. Property damage and business interruption losses require experienced, credible and trusted claims professionals. that’s why owners, operators and developers turn to BDO Consulting with their property and business interruption insurance claims. the way we see it, helping our clients through the claims process is all about service. and service is what BDO Consulting is all about.

Clark SChweerS managing Director 301-634-0281

BDO COnsulting insuranCe Claim serviCes Š 2011 BDO usa, llP. all rights reserved.

I Didn’t See That Coming! Foreseeing Criminal Activity on Your Premises A guest walks to the front desk of a hotel and reports that his car window has been smashed and his laptop and GPS unit have been stolen. His car was parked in the hotel parking lot. The hotel manager calls the local police and reports the crime, and then the guest turns to the manager and asks her to pay for all of his property damage, arguing that it is the business owner’s responsibility to protect against crime on the premises. How should the manager respond? Are business owners legally responsible for criminal activity that occurs on their premises?


Hospitality Lawyer e-Magazine | November 2012

The answer is not black and white, and the circumstances surrounding the criminal activity must be examined. In determining whether or not a business owner is responsible for the criminal acts of third parties, courts in most states will look at whether or not the crime was foreseeable. If the crime was foreseeable, then the second step is whether or not the business owner took reasonable steps to protect her customers from these foreseeable crimes. Whether or not a crime is foreseeable will depend upon several factors, including: 1) whether there have been similar crimes on the premises that would put the business owner on notice that these types of crimes have occurred or are occurring, 2) the frequency of crimes on the premises, 3) the time lapse between the last reported crime and the current one, 4) and whether any additional security measures where implemented from the time of the prior criminal activity to the new one; and 3) whether the area is known as a high crime area. Attorneys representing victims of crimes occurring on

a business owner’s premises will assuredly contact the police department to identify all criminal activity that has occurred in the past on both the premises at issue as well as the surrounding area. The victim’s attorney will then likely argue that the business owner was negligent in its security, failed to monitor criminal activity, and failed to protect its customers from crimes. In response, the business owner will need a strong defense to counter that the crime committed was not foreseeable, and that the security measures in place were adequate. Although laws vary from state to state, if the business owner can establish that the type of criminal activity that occurred was not foreseeable, then the owner should escape responsibility for injuries and damages resulting from the crime committed. The bottom line is to remain vigilant with security, do not ignore reported crime on your premises, and contact an attorney in your state if you have questions or require legal advice.

------------------------------------------Maryalyce Cox is a shareholder with MehaffyWeber in Houston. She specializes in civil litigation defense, with an emphasis in premises liability, products liability, and insurance defense. In addition to representing clients, she also provides training and counseling services to the Hospitality Industry. Maryalyce has successfully tried to verdict personal injury and property damage cases in various jurisdictions in Texas state courts.

Hospitality & Tourism Expertise Aquatics & Drowning

Premises Security

Maria K. Bella, AFOIT, CPOI, LGI 800.813.6736

Donald J. Decker, CPP, CPM 800.695.3139

Barry E. Parsons, FMP 800.813.6736

Richard L. Frongillo 800.813.6736

Elizabeth A. Trendowski 800.631.6605

Lisa A. Thorsen, Ed.D., C.R.C 800.813.6736

Food Safety

Dram Shop & Liquor Liability Grounds Maintenance

Brian O’Donel 800.813.6736

Skiing / Winter Sports

Supervised Care / Day Care Toxicology

Michael J. McCabe, Jr., Ph.D., DABT 800.813.6736

These are our experts and we stand behind their work. Contact an expert directly to discuss your case.

Engineers, Architects, Scientists & Fire Investigators 800.813.6736

Can There Be Confidentiality in the Age of Social Media? The proliferation of social media in the workplace has increased the risk of potential liabilities for companies. Specifically, there is a growing amount of litigation arising out of the use of confidential or proprietary information shared on social media websites. Employers have been facing, and will continue to face, a range of claims brought on by the use of social media in the workplace. Such claims may come in the form of invasion of privacy, copyright and trademark infringement, defamation, securities disclosure, advertising and consumer protection, harassment, discrimination, professional negligence and a continually evolving list of other claims. Employers need to be aware of potential confidentiality breaches by both current and former employees. In Sasqua Group, Inc. v. Lori Courtney, et al., Case No. 10CV00528 (U.S.D.C. E.D.N.Y. 2010), a financial services company’s former managing director, Lori Courtney (Courtney), left the company to start her own financial services firm. Several of Sasqua’s clients moved their business to Courtney’s new firm. Sasqua then sought a temporary restraining order against Courtney, claiming that its trade secrets included “client contacts, their individual profiles, their hiring preferences, their employment backgrounds, and descriptions of previous interactions with client contacts.” Courtney countered with the argument that almost all potential clients in their industry have their information available on “Bloomberg, LinkedIn, Facebook or other publicly available databases.” Ultimately, the court adopted the Magistrate’s Recommendation that the information not be afforded trade secret protection and that injunctive relief be denied. Sasqua Group, Inc. v. Courtney, 2010 U.S. Dist. LEXIS 93442 (E.D.N.Y. Aug. 2, 2010). Sasqua is an example of how the proliferation of information shared on social media sites can make it increasingly difficult for companies to maintain that sensitive information is either proprietary or confidential. Another consideration regarding proprietary information is how to handle the information once it either intentionally or inadvertently becomes public. In Katiroll Co., Inc. v.Kati Roll and Platters, Inc., 2011 U.S. Dist. LEXIS 85212 (D.N.J. Aug. 3, 2011), the court considered a trademark infringement dispute between two restaurants. During litigation, the defendant removed his Facebook profile,


Hospitality Lawyer e-Magazine | November 2012

which had included a photograph displaying the infringing trade dress at issue. Plaintiff alleged that the evidence had not been properly preserved. The court ultimately found that defendant had removed his Facebook pages at plaintiff ’s request due to the infringement issues and, consequently, any spoliation of the evidence was unintentional. The court ordered that the Facebook picture be publicly visible again for a short period of time in order for plaintiff to obtain whatever it needed. Consequently, even if a party inadvertently posts confidential information, there may be legal ramifications associated with the subsequent removal of that information. If lawsuits are filed, then the confidential information or the misrepresentation of proprietary information will receive unwanted exposure and attention, regardless of who prevails in the lawsuit. Another concern arising out of the dissemination of proprietary information through social media was illustrated in the recent case of PhoneDog v. Kravitz, Case No. C 11-03474 (N.D. Cal. 2011) in which a mobile news and reviews company sued former employee Noah Kravitz (Kravitz) over who owned a Twitter account. The Twitter account was started in association with PhoneDog, but was then used by Kravitz as his own Twitter account. This raises the issue of who actually owns a social media account. Although the matter remains pending in the Northern District of California, the court’s denial of Kravitz’s motion to dismiss the trade secret claim highlights the possibility of a forthcoming determination on a crucial question of law in the evolving field of social media claims. Understandably, many employers are concerned that their employees will share proprietary information through social media sites and have established policies prohibiting such conduct. In response to such policies, the National Labor Relations Board (NLRB) maintains that a confidentiality policy is illegal if it limits employees’ ability to communicate with others regarding their working conditions. According to the General Counsel of the NLRB, a social media policy that limits use of the company’s name “without prior approval of the law department” is unlawful. (See Office of the General Counsel, Report of the Acting General Counsel Concerning Social Media, January 24, 2012.) *Therefore, under Section 7 of the National Labor Relations

Act, employees have the right to use a company name and logo on items such as electronic or paper leaflets, cartoons or picket signs as long as they are engaging in protected, concerted activity. On the other hand, one administrative law judge, in G4S Secure Solutions (USA) Inc., Case No. 28-CA- 23380 (March 29, 2012), upheld an employer policy that prohibited placement of photographs or videos of GS4 employees in uniform or at the workplace on social networking sites without express permission. In supporting the employer’s action, the court concluded that the employer had a legitimate reason for restricting the posting of pictures of its employees on social media sites and that “[t]o read it as a prohibition on Section 7 activity strikes me as a stretch.” In contrast, that very same court concluded that the employer could not restrict employees from using social media sites as a vehicle for commenting on work related matters. It is important for companies to proactively implement social media policies regarding confidential and proprietary information that will serve to protect their interests even further in this ever-changing environment. Such policies should be carefully tailored to abide by the numerous laws and authorities that are emerging in this area. Just having the appropriate social media policies is not enough – companies need to appropriately communicate those policies to their employees and train employees\ on compliance. Further, companies that fail to secure appropriate social media insurance coverage to safeguard their interests will likely find themselves perilously exposed in a world driven by this exploding area of liability. Jessica Collier specializes in international and domestic crisis management, including product recall and food contamination issues. Jessica also focuses her practice on transportation, construction defect, employment, and professional liability matters. Scott Sweeney focuses on defending employers in employment discrimination claims and representing sureties and insurance carriers in surety bond and bad faith litigation. With a background in insurance coverage disputes and general commercial matters he has shared his litigation experience with numerous insurance and surety claims handlers and employers.

Stretching the Limits on Flexible Work Arrangements Are we seeing the end of 40-hour work weeks by employees? While some workers may be accustomed to toiling around the clock in an effort to climb the corporate ladder, a recent study shows that more and more employers are encouraging improvements in work-life balance by offering flextime, alternative worksites, and optional overtime in hopes of retaining employees who may be lured away by less intensive hour requirements or more lucrative job opportunities.


Hospitality Lawyer e-Magazine | November 2012

By the Numbers According to the 2012 National Study of Employers conducted by the Society for Human Resource Management and the nonprofit Families and Work Institute, 77% of companies who were surveyed said that they now permit or encourage flextime, up from 66% from 2005. Nearly two-thirds reported that they allow employees to work occasionally from home, which is a significant increase from 34% prior to the recession seven years ago. Employees are also finding it more acceptable to turn down overtime hours. Now, 44% of employers surveyed said they give their

workers a say in whether or when they will put in extra hours, which is an increase of 28% since 2005. Many employers are adopting creative work schedules to encourage employees to stay put now that the job market is opening up. But in doing so, they may not be paying sufficient attention to the compliance implications of wage payment laws that may affect these arrangements. There are potential pitfalls under both federal wage and hour laws and the requirements and limitations of local and state laws that demand close attention, which means it may be time to make sure your human resources department is managing employee working hours the right way.

Don’t Bend the Rules Most wage-payment laws were not designed to be flexible or adaptable, or to facilitate the practical concerns of modern-day employers. Nevertheless, these requirements remain in force, and you should ensure that alternative-scheduling plans comply with what at times may seem antiquated, or even nonsensical, legal requirements. You can reduce the likelihood of unintentional violations by understanding a few key concepts and being proactive.

Recordkeeping If employees are allowed to work flexible or unusual hours, it may be necessary to implement a more precise recordkeeping system to track the time worked. If not, small timekeeping errors may gradually accumulate, leading to hundreds of thousands of dollars in liability, penalties, and attorneys’ fees if you are forced to defend wage-payment claims on a class basis. Supervisors must properly train and monitor employees in connection with accurate timekeeping practices both for those who work inside the office or plant, and those who work at home or telecommute. Discipline those who violate these important rules.

Overtime Work and Pay Just because overtime work may be optional for some flextime employees, it’s still crucial to account for all overtime hours worked and properly compute overtime pay for employees who are not exempt from the overtime pay provisions of federal and state laws.


Frequently Asked Questions on Overtime Compliance

Q: How

do I stop overtime claims by non-exempt employees who claim they worked hours off the clock?


The law really favors employees in these situations unless you keep detailed and accurate time records. Accordingly, your first task is to make sure your time records are well kept. Next, make your employees sign off on their time sheet each week. Have your supervisors print out weekly (or bi-weekly) time sheets for each employee and add a statement at the bottom which says “I agree that this timesheet accurately represents all time I have worked for the dates included on this time sheet. I also agree that, if I do not believe this time sheet is accurate, I will immediately report this to my supervisor in writing.” At the end of each week, your supervisors should be responsible for ensuring that every time sheet has been signed or reviewed if there is any issue. This practice will provide strong evidence to use against an unpaid overtime claim.

Q: Most of my maintenance employees

are on call for at least one night a week. I have never paid them unless they actually come in to fix something. Is this right?


It depends. In general, on-call time only is compensable if you keep the employee from doing what they want to do while they are on-call. A “no-alcohol” restriction generally is fine, and you can require a reasonable response time to a call, i.e. an hour. Things get a little trickier if you place additional limitations on your employee, such as requiring that they stay within a 10 mile radius of your place of business, or requiring an immediate response to a call and arrival at your place of business within 15 minutes. In sum, the less restrictions you place on their time, the better argument you have that the on-call time is not compensable. (Continue on next page)

Most flextime litigation has to do with misclassification of workers who are thought to be exempt from the overtime pay provisions of federal or state law. | November 2012



Do I have to pay my employees whenever they respond to an e-mail or phone call after hours? What if the extra time means they now are owed overtime, even if the hours were not authorized?


Generally, you have to pay your employees for time spent responding to e-mails, etc. after hours, even if it is on a smart phone. The best defense against an employee working after hours is a good policy prohibiting working off the clock without permission. This policy also should require employees to immediately report any time worked off the clock. Then, when an employee works off the clock responding to e-mails on their phone (or any other time off the clock), you pay them for the time, and then you discipline them for violating the policy. Your response should be the same, whether the extra time means you owe overtime or not. Remember, working unauthorized overtime is no different than any other work rule violation. Although you have to pay the employee for the time worked, you still should discipline the employee for violating a work rule. If feasible for your company, I recommend that my clients limit the use of employer provided “smart phones” to exempt employees, and I also recommend that my clients have a rule that nonexempt employees cannot connect their phones to the server to receive work e-mails. If this will not work for your company, it is always a good idea to review which employees really need smart phones and PDA’s, and to limit the number of non-exempt employees walking around with phones that can send and receive work e-mail. Martin B. Heller is an associate in the Labor Law and Employment Litigation Section of Freeman Mathis & Gary. Mr. Heller represents public and private sector employers on a national, regional, and local basis in all aspects of employment litigation, including wage and hour claims, employment discrimination claims, family and medical leave claims and employment contracts.


Hospitality Lawyer e-Magazine | November 2012

As a general proposition, all employees are presumed to be nonexempt from the overtime pay provisions of the FLSA, unless you can show that a specific exemption applies. In other words, employees are entitled to overtime pay for all overtime hours. Research shows that a significant number of employees – for example those who perform safety duties – are treated as exempt when they usually do not fall within any specific exemption category under the FLSA. Although it may be possible to defend such exemption strategies, you must be sure all employees are properly classified in order to avoid this common wage payment problem.

First, See if It Fits When implementing a flexible work schedule, it’s a good idea to pilot the program. Analyze the pros and cons after a few laps around the track, obtain employee feedback, and make any necessary adjustments before setting the ongoing plan in place. At the outset of the pilot program, remind employees that if the plan proves unsuccessful, the company will return to prior work scheduling arrangements. With the number of wage-payment claims soaring in recent years, these matters can be time consuming and expensive to defend, even if you’ve done little that is found to be out of compliance. Generally, these cases boil down to little more than the mechanics of how your employees should have been paid. To avoid costly litigation, take time to understand your obligations under the FLSA and other applicable wage payment laws, and make compliance a priority. Good-faith efforts go a long way toward improving the odds of a smooth trip when traveling down the path of wage and hour compliance. Michael Abcarian is managing partner of the Dallas office. His experience includes representing Fortune 500 corporations, units of local government, and local business interests in labor and employment matters. He handles cases in both federal and state courts, as well as complex litigation and class actions.

CWT SAFETY & SECURITY Wherever you go, we’ll be there.

Helping companies of all sizes. CWT Safety & Security helps companies of all sizes manage the complex and changing requirements of corporate duty of care and focus on the essential aspects of traveler safety. CWT’s offerings are designed to support travelers, travel managers and security managers throughout the trip life cycle, from booking through safe return, by: Anticipating disruptions to travel so travelers can avoid problems and companies can avoid unnecessary costs and risks Locating travelers quickly, for any reason Communicating with travelers via multiple means—email, SMS, voice Assisting travelers in need with rebooking, evacuation, monitoring For more information, please contact or go to


SolutionsStore The Solutions Store offers a variety of safety and security products, services, and solutions from companies with solutions specifically for hotels, restaurants, and country clubs. Please view our webiste for the full list.

Find-a-Lawyer Needing legal advice or representation for your company? Check out Find-a-Lawyer database to find national and international attorneys with experience in the hospitality industry. makes it simple to find industry lawyers by simply clicking on the state you are looking for, the industry area, and then the specific practices areas that you need assistance with your legal issue. Industry areas include: Hotel Law Meetings Private Clubs Travel & Tourism Food & Beverage

Cost Segregation Services Data Privacy & PCI-DSS Compliance Education & Training Employee Hiring Emergency Response Expert Witnesses Human Trafficking Insurance Services for Hotels & Restaurants Legal Hotel & Restaurant Safety Products, Services, and Solutions Hotel & Restaurant Security Products, Services, and Solutions Payment Processing Threat Assessment and Threat Management

Social Networking

Get connected today to hospitality industry leaders and peers by joining the conversation in the following ways:

Visit us at for more information or call us at 713-963-8800.

@HotelOwnerMgmt Follow us on Twitter to receive the latest industry news and updates. Don’t forget to tag conference-related tweets with #HLC13. The #HLC13 Owner-Management Summit will offer sessions on management agreements, hotel investments and development, risk management, legal compliance and more.

Attorneys, join the Global Alliance of Travel, Tourism, & Hospitality Attorneys (G.A.T.T.H.A.) to receive: • Global exposure to the hospitality community, including in house counsel and private attorneys seeking local counsel and assistance • Attorney listing in Find-a-Lawyer on the website • Branded article placement opportunities in contentfocused Hospitality Lawyer e-magazine • Access to the complete catalog of past Hospitality Law Conference presentations and white papers • Access to hospitality forms, checklists, and procedures • Discounts to the annual Hospitality Law Conference •


Hospitality Lawyer e-Magazine | November 2012

Hospitality Lawyer Like us on Facebook to receive conference updates and the latest industry news at

Hospitality Legal, Risk, Safety & Security Coalition Group

Join the discussion on LinkedIn with industry leaders and peers on current hot topics at:

SPONSORS | November 2012


Hospitality Lawyer eMagazine | November 2012