Hotel guest records: Just how private are they?
Recently, we discussed the failure of some travel suppliers to protect their customers’ private information from creative hackers [see Are Tourists Safe from Hackers and Negligent Suppliers, eTN (9/
Recently, we discussed the failure of some travel suppliers to protect their customers’ private information from creative hackers [see Are Tourists Safe from Hackers and Negligent Suppliers, eTN (9/24/2014)].
Recap On The Wyndham Case
In Federal Trade Commission (FTC) v. Wyndham Worldwide Corporation (Wyndham), “The FTC alleges that, since at least April 2008, Wyndham ‘failed to provide reasonable and appropriate security for the personal information collected and maintained by (defendants)…’ by engaging in a number of practices that, taken together, unreasonably and unnecessarily exposed consumer personal data to unauthorized access and theft’. As a result… Between April 2008 and January 2010 intruders gained unauthorized access-on three separate occasions to (defendants’) computer network…The three data breaches (caused) the compromise of more than 619,000 consumer payment card account numbers, the exportation of many of those account numbers to a domain registered in Russia, fraudulent charges on many consumers’ accounts and more than $10.6 million in fraud loss. Consumers and businesses suffered financial injury, including, but not limited to, unreimbursed fraudulent charges, increased costs and lost access to funds or credit”.
What About Police Access To Hotel Guest Data?
As noted in Liptak, Supreme Court Will Consider Police Searches Of Hotel Registries (www.nytimes.com (10/20/2014), the “U.S. Supreme…agreed to decide whether the police in Los Angeles may inspect hotel and motel guest registries without permission from a judge. Dozens of cities, including Atlanta, Denver and Seattle, allow such searches…A group of motel owners challenged the law (saying) they were not troubled by its requirement that they keep records about their guests. But they objected to a second part of the ordinance, requiring that the records ‘be made available to any officer of the Los Angeles Police Department for inspection’”.
The 9th Circuit Decision
In Patel v. City of Los Angeles, 738 F. 3d 1058 (9th Cir. 2013) “motel operators in Los Angeles challenge a provision of (Los Angeles Municipal Code 41.49 which)… requires hotel and motel operators to collect and record detailed information about their guests (which includes) the guest’s name and address; the number of people in the guest’s party…the guests date and time of arrival and the scheduled date of departure; the room number assigned…the rate charged and the amount collected…and the method of payment…For cash-paying and walk-in guests, as well as any guest who rents a room for less than twelve hours, the records must also contain the number and expiration date of the identification document the guests presented when checking in…For guests who check in using an electronic kiosk, hotel operators must record the guest’s name, reservation and credit card information…These records must be ‘kept on the hotel premises in the guest reception or check-in area…for a period of 90 days”.
The Warrantless Inspection
“The Plaintiffs…challenge Section 41.49’s warrantless inspection requirement, which states that hotel guest records ‘shall be made available to any officer of the Los Angeles Police Department for inspection’…The city stipulated that this provision authorizes police officers to inspect hotel records at any time without consent or a search warrant. Failure to comply with an officer’s inspection demand is a misdemeanor, punishable by up to six months in jail and a $1000 fine”.
Searching Private Records
“No one contests here that plaintiffs’ hotel records are in fact private…if the records were publically accessible, the police of course would not need to rely on Section 41.49 to gain access to them. That the hotel records at issue contain information mainly about the hotel’s guests does not strip them of constitutional protection. To be sure, the guests lack any privacy of their own in the hotel’s records…But that is because the records belong to the hotel, not the guests, and the records contain information that the guests have voluntarily disclosed to the hotel…A police officer’s non-consensual inspection of hotel guest records plainly constitutes a ‘search’ (and) involve both a physical intrusion upon the hotel’s private papers and an invasion of the hotel’s protected privacy interest in those papers for the purposes of obtaining information”
The City’s Position
“The question we must decide is whether the searches authorized by Section 41.49 are reasonable…The city defends Section 41.49 as a nuisance abatement measure designed to deter drug dealing and prostitution, on the theory that those who would be inclined to use hotels to facilitate their illicit activities will be less inclined to do so if they know that hotel operators must collect and make available to the police-information identifying each of their guests”.
Judicial Review Necessary
“The government may require businesses to maintain records and make them available for routine inspection when necessary to further a legitimate regulatory interest…But the Fourth Amendment places limits upon the government’s authority in this regard…The demand to inspect ‘may not be made and enforced by the inspector in the field’…The party subject to the demand must be afforded an opportunity to ‘obtain judicial review of the reasonableness of the demand prior to suffering penalties to refusing to comply’…Section 41.49 lacks this essential procedural safeguard against arbitrary or abusive inspection demands. As presently drafted, Section 41.49 provides no opportunity for pre-compliance judicial review of an officer’s demand to inspect a hotel’s guests records…Hotel operators are thus subject to the ‘unbridled discretion’ of officers in the field, who are free to choose whom to inspect, when to inspect and the frequency with which these inspections occur…To comply with the Fourth Amendment, the city must afford hotel operators an opportunity to challenge the reasonableness of the inspection demand in court before penalties for non-compliance are imposed”.
The Wyndham case focuses on a hotel guests’ desire to have his or her private data protected from hackers while the Patel case focuses on the hotel or motel owner’s desire to have its guest’s private data protected from police inspection without first obtaining appropriate judicial review. As noted above the U.S. Supreme Court has agreed to hear an appeal of the 9th Circuit’s decision in Patel. Stay tuned.
The author, Justice Dickerson, been writing about Travel Law for 38 years including his annually-updated law books, Travel Law, Law Journal Press (2014), and Litigating International Torts in U.S. Courts, Thomson Reuters WestLaw (2014), and over 300 legal articles many of which are available at www.nycourts.gov/courts/9jd/taxcertatd.shtml .
This article may not be reproduced without the permission of Thomas A. Dickerson.