Main Menu
Posts from November 2013.

By Scott G. Warner and Colleen Hannigan. Originally posted in Hospitality Upgrade.

Corporations like Google and Facebook collect incredible amounts of information about their users, and this summer saw confirmation of widespread surveillance of private citizens by the U.S. National Security Administration.  Between government and corporate information collection, privacy experts have gone so far as to say that privacy on the internet no longer exists.  As data collection has become ubiquitous online, privacy regulators and other enforcement authorities such as the Federal Trade Commission (FTC) have become more interested in reviewing websites’ and web applications’ privacy policies.  These authorities require or strongly encourage, depending on the jurisdiction, website and app operators adopt and publish privacy policies that inform users of the information they collect and how they use it.  Indeed, California Governor Jerry Brown recently signed into law new provisions of California Online Privacy Protection Act (CalOPPA), which require website operators and online services to notify users whether other parties may collect information across different websites and disclose how they respond to web browsers that do not track signals.  Given the increased scrutiny being given to privacy policies and the size of the penalties levied for not complying with applicable laws in this area, it is surprising that so many websites and apps have inadequate policies or none at all.

Under law and as a best practice, website and web application operators (including those in the Hospitality industry) should publish—and adhere to—privacy policies that tell users how the operator collects, uses, and discloses their personal information.  Good privacy policies advance the core principles of privacy protection: they give users notice; let users choose what information is collected and how it is used; let users access information about them; tell users, correctly, that the operator takes reasonable steps to keep their personal information secure; and give users means to address their concerns.  Moreover, good privacy policies meet the dual goals of being both thorough and accessible to the average user.  Unfortunately, most privacy policies fall short of these goals.

In May, 2013, nineteen privacy enforcement authorities from around the world conducted the first Global Privacy Enforcement Network Internet Privacy Sweep.  The Sweep looked at 2,276 websites’ and apps’ privacy policies, spending only a few minutes per site or app to replicate a typical customer experience.  Almost one quarter of those websites and apps had no privacy policy whatsoever.  Of those that did have policies, many weren't helpful to the average user because their policies contained little more than boilerplate language or lengthy quotes from privacy legislation.  Generally, the Sweep found that larger organizations’ privacy policies were better than smaller organizations’ policies, and that app privacy policies are lagging behind—more than half of the apps examined had no privacy policy at all.

While evolving technologies and changing laws can make it difficult to keep up with the most recent requirements, the Sweep makes clear that “keeping up” is not the real problem.  Rather, it’s having a policy and complying with it.  This is of particular concern for companies in the Hospitality industry.  Not only do they have access to huge amounts of customer data, much of which is collected online, but the Hospitality and Food and Beverage industries are primary targets for data breach, accounting for roughly 33% of the data breaches in 2012.  This makes it more important than ever that companies in Hospitality sector adopt meaningful privacy policies and comply with them.

The results of the Sweep and the compliance actions initiated by the FTC and others of late, make clear that this is no easy matter.  Still, the first step is to adopt a policy that not only meets statutory requirements, but can and will be implemented.  Recommendations for drafting better policies are listed below:

  • Privacy policies should present information in a way that is easily readable to the average person.  They should use plain language and concise explanations rather than lengthy and confusing legalese.  Similarly, links to privacy policies should be both functional and easy to find.
  • Policies should fully inform users about all information the operator collects, including data that is collected behind the scenes such as the user’s IP address and information collected from browser cookies.
  • Policies should tell users about simple and effective methods to protect their personal information by, for example, opting out of providing data for certain purposes or requesting to access or challenge the accuracy of the operator’s data about them.
  • Policies should adhere to applicable laws, such as California’s Online Privacy Protection Act of 2003, as well as FTC guidance. Operators should stay informed about legal developments both in the U.S. and internationally, and update their policies when necessary.
  • Policies should include up-to-date contact information for the person(s) responsible for the operator’s privacy practices.

Online data collection in the United States shows no signs of slowing.  Nor do attempts to gain access to that information or penalties for failure to protect it.  While companies in the Hospitality industry may not be able to stop the onslaught from outsiders determined to hack their data, they can take steps to reduce their exposure from claims by regulators and others that have failed to meet their obligations to consumers by adopting (and complying with) privacy policies that allow their users to make educated decisions about what they disclose and how they allow their information to be used.  To comply with applicable laws and guidance, these policies should be as accurate, thorough, and clear as possible.


Hunting for a top-rated hotel or searching for the perfect dim sum restaurant? Chances are you will turn to sites such as Yelp, Citysearch, or TripAdvisor to guide you through the mass of options most locations have to offer. As the Huffington Post recently noted, “In an increasingly tech-reliant world, most of us do not step foot in a restaurant or buy anything online without doing at least a modicum of Internet research.”

Hoteliers and restaurateurs have long known that positive online reviews equal greater occupancy rates, increased bookings, and greater revenue for their businesses: An influential 2011 Harvard Business School (HBS) study found that “a one-star rating increase on Yelp translated to an increase of 5% to 9% in revenue” for restaurants, while researchers at Cornell found that a one-star swing in a hotel's online ratings on travel sites equate to a 11% sway in room rates.

So how trust-worthy are those 4-star online reviews? Turns out, unsurprisingly, caveat emptor.

A 2013 HBS report estimates that the number of fraudulent reviews on Yelp rose from 5% in 2006 to 20% in 2013.

While businesses may think that asking clients or friends to post positive reviews online is simply the cost of doing business in the internet age, the law says otherwise.  Regulators are catching on to businesses that artificially inflate their online reputations and are seizing the opportunity to bust companies that hire or solicit positive “fake” reviews.  Recently, the New York Attorney General’s office announced it had reached agreements with 19 companies to cease their misleading practices of posting fake reviews online. To the tune of $350,000 in penalties. This was after New York Attorney General, Eric T. Schneiderman, conducted a year-long investigation into consumer-review sites, finding that New York businesses had bribed clients to write fake reviews in exchange for gift certificates, hired overseas bloggers to post positive reviews, or took to the message boards themselves to defend their “false advertising” practices. Schneiderman calls this practice of disseminating a false or deceptive review that a reasonable consumer would believe to be a neutral, third-party review is a form of false advertising called “Astroturfing.” And Schneiderman suggests that prosecutors should step up and help put an end to the practice.

In addition, review sites are fighting back in an effort to protect their reputation. Yelp, for example,  has a page dedicated to explaining its policy of outing false reviews by using sophisticated software to weed out spammers.  Yelp has even sued a California law firm for posting bogus reviews.

The end game is that by producing fake online reviews, businesses may not only violate state laws prohibiting false advertising and illegal and deceptive business practices, but they may also incur significant penalties and their reputation may be irreparably harmed. (Schneiderman listed the names of all of the business online who were involved in the New York sting operation.)

If you are a hotel or restaurant owner, resist the urge to spruce up your online reputation by solicitation of—or by penning your own!—positive reviews, no matter how benign you think the practice may be. And if you are a consumer, remember: not everything you read on the internet is true.

If you have questions about how your online practices may violate state law, contact Greg Duff.

I'm pleased to introduce guest author Katie Nguyen, a CPA from local accounting firm, Clark Nuber. Katie specializes in state and local taxes for the hospitality industry and has offered to share her experience and knowledge with the Duff on Hospitality readers. Welcome, Katie, and thank you for today's post on some important tax incentives available to Washington's owners and operators. - Greg 

I’d imagine that every hotel and restaurant owner/operator is interested to know how to save money on his or her state taxes (while still following all of the applicable laws and rules, of course). As a former Washington Department of Revenue auditor, I've seen many exemptions, credits, and preferential tax rates go unused – primarily because businesses just didn't know that they existed! This post provides a brief explanation of some Washington tax incentives (both old and new) that the hotel and restaurant industry should be taking full advantage of.

Sales/Use Tax Exemption for Items Imparting Flavor or Supporting Food

The Washington legislature recently enacted a measure providing a retail sales and use tax exemption on purchases by restaurants of the following two types of items:

  • Items used to impart flavor to foods that are completely or substantially consumed by combustion during the cooking process. Such items could include charcoal, charcoal briquettes, wood chips, grape vines, and the like.
  • Items comprised entirely of wood that support the food during the cooking process. Such items could include wood planks, etc.

This exemption expires July 1, 2017.

Commute Trip Reduction Credit

Also recently passed by the state legislation was a bill extending the life of the Commute Trip Reduction B&O tax credit. This credit is a great incentive for those taxpayers who help subsidize the cost of employee public transportation, carpooling, or non-motorized commuting. For each employee, the credit is capped at $60 or 50% of the transportation cost paid (whichever is lower) annually. Be sure to submit your application to the Department of Revenue by January 31, 2014 to get your 2013 credit!

Syrup Tax Credit

2009, the buyer is entitled to a B&O tax credit of 100% of the syrup tax paid. The credit can be taken directly on the excise tax return as well.Although not part of the new legislative changes, the syrup tax credit is another great incentive to take advantage of if you are in the restaurant industry. This is a Washington B&O tax credit that is available to any buyer of carbonated beverage syrup who uses the syrup in making carbonated beverages that are then sold (provided that the syrup tax has already been paid). As of July 1,

Lodging for Continuous Periods Greater than 30 days

Hotels and similar short-term accommodation providers are generally required to collect sales tax on charges for room rentals of 30 days or less, but not for continuous periods of more than 30 days.  A recently issued Washington Tax Determination provides a favorable application of this law to a hotel that provided blocks of rooms to a corporate customer. In the determination, an airline had a long-term contract in place with a hotel to provide rooms for their off-duty flight crews. The contract was for a term of more than 30 days and the hotel was to provide the airline a set number of rooms on an ongoing basis. The hotels did not set aside specific rooms for the airline, but the airline was guaranteed the availability of the number of rooms specified and was required to pay for them even if they went unused.

The Appeals division ruled in favor of the airline, explaining that the law does not require a specific hotel guest to be in continuous occupancy of the same hotel room for a continuous 30-day period to qualify for the sales tax exemption.  This treatment applies retroactively, so there may be refunds available to the extent sales tax has been charged on corporate contracts or other bookings of one or more hotel rooms for a continuous period of at least 30 days.

Awareness of these potential tax savings is just part of the process; implementing the exemptions and credits is the more difficult part. Contact Clark Nuber or your tax provider to “serve up” assistance in these areas.


Search This Blog



Greg Duff
Greg Duff founded and chairs Foster Garvey’s national Hospitality, Travel & Tourism group. His practice largely focuses on operations-oriented matters faced by hospitality industry members, including sales and marketing, distribution and e-commerce, procurement and technology. Greg also serves as counsel and legal advisor to many of the hospitality industry’s associations and trade groups, including AH&LA, HFTP and HSMAI.

Recent Posts


Select Category:


Select Month:


Back to Page

We use cookies to improve your experience on our website. By continuing to use our website, you agree to the use of cookies. To learn more about how we use cookies, please see our Cookie Policy.