Traditionally the guest data is available to both the hotel's owner and operator during the term of the management agreement and, perhaps more importantly, following the termination of the management agreement. In more recent times there has been a tendency on the part of some operators to stipulate that the guest data is effectively the 'property' of the operator.
During the course of a hotel management agreement negotiation there are many issues to be identified, negotiated and resolved. Some issues seem to come up more regularly than others and seem to take a disproportionate amount of time to deal with to the satisfaction of both owners and operators. In this series we will focus on a number of issues which fall into this category.
The last edition of the newsletter in this series dealt with hotel employees. In this edition we explore the fascinating world of guest data. This is the information that a hotel collects when a guest registers and subsequently stays at the hotel. It is usually stored electronically in some fashion on a computer hosted at the hotel and/or at a central facility under the control of the hotel's operator.
Hotel management agreements vary significantly in their treatment of guest data. Traditionally the guest data is available to both the hotel's owner and operator during the term of the management agreement and, perhaps more importantly, following the termination of the management agreement. In more recent times there has been a tendency on the part of some operators to stipulate that the guest data is effectively the "property" of the operator and as such is only made available to the owner during the term of the management agreement and consequently unavailable to the owner following termination of the management agreement.
In a recent negotiation we discussed this point. It was clear that if, following termination, the owner, say, wanted to do a mail out to guests who had stayed at the hotel during the period of 12 months prior to the termination then this would not be possible as the owner would not have access to the relevant guest data. A rather thought provoking issue.
Since we are based in Australia, we will approach the questions below from a broadly Australian perspective. Local laws relevant to guest data in other jurisdictions may vary the discussion on any one or more of the questions posed. The good news is, however, we have 17 offices in Asia and many more around the world to answer any jurisdiction specific questions you may have.
Topic | Discussion |
|
No. The law does not recognise information as a form of property. However there are legal mechanisms that can be used to control information in a way that make it seem like property in some circumstances. The most relevant examples are;
|
|
Guest data is usually collected at the time when the guest checks in, through loyalty programs and as a result of promotions and competitions. The method of collection must be disclosed in the organisation's privacy policy. Certain categories of information such as health information, ethnic background and club memberships, is called sensitive information and can only be collected with the consent of the subject. The Act requires that the data collector must take reasonable steps to ensure the data subject is made aware of certain matters before, at the point of collection or as soon as possible thereafter. The matters to be disclosed include the identity of the party making the collection, the purpose of the collection are types of party to whom the information is usually disclosed and whether or not the information will be given to an overseas recipient.
|
|
Guest data is usually personal information regulated by the Act and therefore it can be used for purposes made known at the point of collection and for purposes related to the primary purpose of collection. Sensitive information, such as health information can only be used for purposes directly related to the primary purpose of collection. The information can be used for other purposes with the express consent of the subject. The Act also allows the use of the information in certain emergency situations such as to prevent the serious threat to life, health or the safety of an individual or public safety. Disclosure is also permitted in order to take appropriate action in relation to an unlawful activity and for the establishment, exercise or defence of a legal or equitable claim, amongst other exceptions.
|
|
For general guest related information this depends on disclosures made in the owner and/or operator's privacy policy and or any additional disclosure made at the point of collection. If the party to whom the disclosure is made is someone that has been mentioned in the privacy policy or collection notice as a party to whom disclosures are usually made, the disclosure is probably permitted. Disclosure will also be permitted if one of the statutory exceptions relating to an emergency or unlawful behaviour applies. It is possible that some information provided by guests may have been disclosed to the owner or operator in confidence. Such information may be held subject to a duty of confidence and should not be disclosed without the consent of the relevant guest. The position is subject to any binding contractual obligation on the owner or operator that constrains the manner in which the collected information is handled such as might be included in a management agreement or franchise agreement.
|
|
The Privacy Act does not make a distinction between principals and agents. The only question is whether the relevant entity has possession of the information and, as a practical matter, has the information in its effective control. An agent that is carrying out a process for an owner will have control of the information and will need to comply with the Act by acknowledging that it collects and holds some information on behalf of the owner for particular purposes and perhaps, in accordance with the policies and directions of the owner. This position is the same whether the operator is an agent or a contractor. |
About Baker & McKenzie
Founded in 1949, Baker & McKenzie advises many of the world’s most dynamic and successful business organizations through more than 11,000 people in 77 offices in 47 countries. The Firm is known for its global perspective, deep understanding of the local language and culture of business, uncompromising commitment to excellence, and world-class fluency in its client service. Global revenues for the fiscal year ended 30 June 2014, were US$2.54 billion. Eduardo Leite is Chairman of the Executive Committee. (www.bakermckenzie.com)