General Negligence, Hospitality, Publications

Making Hotels Safer For Their Guests

January 19, 2015

Hotel guests have high expectations of luxury with respect to the services and products they receive during their stay at a hotel.  In particular, they have high expectations about the quality of their room and the customer service provided to them.  Hotel guests also expect excellent hotel safety and security.  But no matter how luxurious the hotel, and no matter how much a guest pays for privacy and safety, all hotels are potentially at risk because of the actions of third parties.  Specifically, hotels are at risk of being held liable for injuries sustained by hotel guests who have been sexually assaulted or whose privacy has been invaded by “peeping Toms.”

The Relationship Between a Hotel and Its Guests

As attorneys, we are expected to educate our clients as to their risks and why those risks exist.  Therefore, you should explain to your hotel client why it may be held liable for the actions of a “peeping Tom” or a person who commits a sexual assault.

Generally, a person has no legal duty to protect another from the criminal acts of a third person.  Butcher v. Scott, 906 S.W.2d 14, 15 (Tex. 1995).  However, a hotel guest is at least the equivalent of a business invitee and is therefore the beneficiary of a duty of reasonable care as to his or her safety.  Ellis v. Luxbury Hotels, Inc., 716 N.E.2d 359, 360 (Ind. 1999).  As such, a hotel has a nondelegable duty to a business invitee to provide him or her with reasonably safe premises, including reasonable protection against third-party criminal attacks.  U.S. Sec. Services Corp. v. Ramada Inn, Inc., 665 So. 2d 268, 269 (Fla. Dist. Ct. App. 1995).  Under any standard, the greater the likelihood of a crime against a hotel guest, the more extensive the safety measures the hotel will be expected to take.  Shadday v. Omni Hotels Mgmt. Corp., 477 F.3d 511, 517 (7th Cir. 2007).

“Peeping Toms”

Hotels are particularly at risk because of the action of “peeping Toms,” or third parties that engage in what is commonly known as voyeurism.  Voyeurism is the act of a person spying on others and perhaps even capturing private moments through some form of media.  Because hotels have a duty to keep their guests safe, they must protect them from voyeurism.

Perhaps the most well-known “peeping Tom” incident is that involving Erin Andrews, an ESPN reporter.  In 2008, Michael Barrett, a resident of Illinois, called an Ohio hotel, which allegedly confirmed that Ms. Andrews would be staying at their hotel on specific dates.  Barrett made a request for a room next to Ms. Andrews’ room, which was allegedly accommodated without the knowledge or consent of Ms. Andrews.  Barrett checked into his room and removed and then altered the peephole of Ms. Andrews’ hotel room door.  Barrett then took video footage of Ms. Andrews changing while in the privacy of her room and distributed it over the internet for millions to view.  Later that same year, Barrett called a Nashville hotel and requested a room next to Ms. Andrews’ room.  Once again, he recorded video footage of her changing, which also went viral over the internet.  Ms. Andrews subsequently sued the various hotels and hotel chains, as well as Barrett.  The case went to trial and the jury awarded Ms. Andrews $55 million on March 7, 2016.  Barrett was also charged with, and later pleaded guilty to, interstate stalking and was sentenced to twenty-seven months in federal prison.

Barrett’s actions, while reprehensible, have served as a catalyst for the entire hospitality industry to reevaluate policies and procedures regarding guest privacy and safety, as Ms. Andrews’ status as a public figure afforded her the opportunity to bring this issue to the public’s attention.  It is important to remember; however, that it is not just high-profile individuals like Ms. Andrews who have been victimized.  Non-celebrity guests, simply enjoying their stays at hotels, have also been victimized by these “peeping Toms,” further demonstrating that anyone, male or female, is a target.  While new technology has permitted these “peeping Toms” to distribute visual images, such distribution is not always the purpose of such viewings.

The case of Paul and Wendy Carter is illustrative.  Over 20 years ago, the Carters were guests at a hotel when they heard knocking and scratching sounds coming from a wall in the room.  The Carters later engaged in “private marital activities.”  Paul subsequently noticed two scratches in the bedroom mirror.  Later that evening, the Carters removed the mirror and found a wide hollow space between their hotel room wall and the wall of the adjoining room and a hole in the wall to the adjoining room, which was covered by a mirror that had scratches on it that were covered by black tape.  Scratches were also later found on the mirrors of thirteen other guest rooms at that particular hotel, and six other rooms had holes cut into the wall behind those mirrors to facilitate cable wiring.  The hotel guest whose room adjoined the Carters’ stated that he never spied on them.  However, he was not the only person with access to that hotel room; security guards, maintenance workers, housekeepers, and management personnel all had master keys to open that adjoining room.  It was never determined who, if anyone at all, spied on the Carters during their stay at that hotel.  The Carters sued, alleging various claims that arose out of that alleged “peeping Tom” incident, including, among others, invasion of privacy and negligence/breach of contract.

In that case, the Supreme Court of Alabama instructed that the tort of invasion of privacy is the intentional wrongful intrusion into one’s private activities in such a manner as to outrage or cause mental suffering, shame, or humiliation to a person of ordinary sensibilities and that such an invasion takes place either through an intrusion upon a physical space or by an invasion of one’s “emotional sanctum,” which is prohibited by law.  Carter v. Innisfree Hotel, Inc., 661 So. 2d 1174, 1178 (Ala. 1995).  The Carter court held that a reasonable jury could determine that the couple’s privacy had been intruded upon by the hotel even though the actual identity of a “peeping Tom” could not be determined and even though the Carters could not demonstrate the actual use of a spying device.  Id. at 1179.  The court explained that the possible intrusion of foreign eyes into a customer’s hotel room through holes in the wall or scratches on a mirror was an invasion of the customer’s privacy.  Id.  The court further explained that even if it could be proven that a third party other than a hotel employee was responsible for the holes and scratches, the hotel had an affirmative duty, stemming from a guest’s rights of privacy and peaceful possession, not to allow unregistered and unauthorized third persons to gain access to the rooms of its guests.  Id.  With respect to the negligence/breach of contract claim, the Carter court instructed that when a hotel rents a room to a paying customer, it undertakes a contractual obligation to that customer to provide a safe, private room.  Id.  As a result, the Carter court held that a jury could conclude that the hotel had a contractual obligation to the Carters, its customers, to provide them with security, which, at the least, would mean a room free from fear that they were being viewed through their mirror and that the hotel negligently failed to fulfill this duty, by allowing viewing access into the Carters' room through its failure to inspect the wall and to replace the scratched mirror.  Id. at 1180.

Clearly, when it comes to voyeurism, it does not matter whether pictures are posted to the internet or if there is even just the possibility of an invasion of a person’s privacy in his or her hotel room.  Courts will hold hotels liable for the invasion of a guest’s privacy when that intrusion occurs within a hotel and is preventable by that hotel.  However, it does not matter if that invasion is by another guest or a hotel employee.  Courts will ensure that a hotel guest’s privacy is secured and protected from voyeuristic activities while he or she is within the confines of a hotel room.

Sexual Assault of Hotel Guests

Sexual assault committed by third parties in hotels is another issue that hotels have been facing for years.  These occurrences, at least from a reporting standpoint, are much more prevalent than those of “peeping Toms.”  Courts throughout the country are continuing to find hotels liable for failing to protect their guests from sexual assault from third parties.  The determinative  liability issue in civil cases where hotels are defendants is whether the sexual assault was foreseeable.

Millan v. Residence Inn By Marriott, Inc., 226 Ga. App. 826 (1997), demonstrates the impact that a hotel’s ability to foresee sexual assault has on its liability.  There, the perpetrator, who was a hotel guest, sexually assaulted a disabled minor at the hotel pool.  Just a week before that attack, there was a report of sexual assault of minors at the pool.  The perpetrator was never specifically identified though the hotel employee who received the information regarding the attack deduced that the perpetrator was involved based upon the facts.  Additionally, for several months prior to the attack at issue in Millan, the perpetrator had engaged in repeated inappropriate and nonconsensual sexual behavior towards a female hotel employee.

The Millan court instructed that an innkeeper is bound to exercise ordinary care to protect its guests from unreasonable risks of which the innkeeper has superior knowledge, and if an innkeeper has reason to anticipate criminal acts, it has the duty to exercise ordinary care to guard against injury caused by dangerous characters, then the test there was whether the prior criminal activity was sufficiently and substantially similar to demonstrate the landowner's knowledge that conditions on his property subjected his invitees to unreasonable risk of criminal attack so that the landowner had reasonable grounds to apprehend that the present criminal act was foreseeable.  Id. at 828-29.  Specifically, a report of previous fondling of children at the hotel pool constituted the same crime committed in the same place and manner as that perpetrated against the disabled minor and thus met the substantially similar test, even though the perpetrator had not been positively identified as such.  Id. at 829.  Additionally, a report that the perpetrator had sexually assaulted the female hotel employee met the substantially similar test because even though that victim was not close in age to the minor, the nature of the offenses on the same premises and in the perpetrator’s same capacity as a guest, were the same.  Id.  Consequently, if a hotel is put on notice of prior sexual assaults, it may well be found liable for any subsequent substantially similar sexual assaults as a result of their foreseeability.

However, if an assault on a guest is not foreseeable, then a hotel will generally not be found liable.  For example, in Shadday v. Omni Hotels Mgmt. Corp., 477 F.3d 511 (7th Cir. 2007), a guest was sexually assaulted by another guest whom she had met in the hotel bar.  Ordinarily, one security guard would monitor the security cameras while the other two guards patrolled, but no one was monitoring the cameras at the time of the attack that night because one was out sick and the other two were patrolling.  Similar to the Millan court, the Shadday court explained that a hotel or innkeeper has a duty to use due care to protect its guests against foreseeable hazards, including criminal acts.   Id. at 512.  However, a hotel will become liable for guest-on-guest crime only when it has some reason to think such crime is likely.  Id. at 517.  Therefore, the Seventh Circuit concluded in Shadday that the hotel did not violate its duty to protect the hotel guest because guest-on-guest crime at such a hotel was extremely rare and the hotel had no reason to think that one of its guests would rape another guest in its elevator.  Id. at 517.  One can deduce, however, that if another similar assault subsequently occurred at that hotel, that the Shadday court, like the Millan court, would likely hold that hotel liable for any subsequent similar assaults because they would now be foreseeable.

The issue of foreseeability may also require hotels to conduct background checks of their employees.  Consider a more recent case in Arizona.  In 2011, one woman alleged that she was sexually assaulted in her hotel room by a night clerk who used his master key to enter her bedroom.  The perpetrator was fired after that incident but was then hired at another hotel, where, nine months later, he allegedly sexually assaulted a female hotel guest.  At that time, the perpetrator was a registered sex offender in Arizona.  A background check had not been done by either of the Arizona hotels.  Both female sexual assault victims have filed separate lawsuits against the hotels where these alleged assaults occurred.  Since then, one woman, along with her attorneys and state politicians, have proposed legislation that would require background checks, which they believe will help to prevent such attacks.  It remains to be seen how the Arizona courts will handle the issue of foreseeability and how it relates the background checks of employees with violent sexual criminal histories.

A recent decision in Texas echoes the sentiments of the Arizona victims.  In that case, a Texas court held that a hotel, as an employer, could reasonably have foreseen that its bellman might commit acts of physical or sexual assault against a minor hotel guest, as he had recent convictions for assault, had been cited at least six times for sexual misconduct during the eight years he had previously been incarcerated, and had also been accused twice of indecency with a child.  Mindi M. v. Flagship Hotel, Ltd, 439 S.W.3d 551, 559 (Tex. App. 2014)  The court explained a jury could conclude that a background check would have been reasonable because of the bellman’s access to guests, their rooms and other private areas of the hotel that presented opportunities for misconduct.  Id at 561-62.

How Hotels Can Protect Themselves by Protecting Their Guests

These examples of assaults on hotel guests and voyeurism are not meant to disparage to hotels, to their reputations, or to the services that they provide.  Instead, they are illustrative of the vast array of ways perpetrators put hotel guests – and therefore hotels – at risk.  Hotel security and guest safety are imperfect.  In fact, advances in this area have come about because of security breaches.  Hotel security and guest safety must constantly evolve to keep up with the breaches in security and changes in technology.

That invasion of privacy in the Carter case discussed above occurred in 1993.  At that, people had cameras with rolls of film and video cameras with VHS tapes.  Very few people had cell phones and certainly a camera phone had not yet been invented.  Today, smart phones equipped with cameras are the norm.  Pictures can be taken on those phones and sent out for the world to see, as in Ms. Andrews’ case.  And, to even further complicate matters, pictures can be taken, sent, and then deleted within seconds through applications such as Snapchat, an application for cell phones that users utilize to send photos or videos to other users which then disappear after a specified period of time.  Hotels are constantly reevaluating their policies and procedures as technology evolves.  It is incumbent upon hotels to continually take the necessary steps to ensure that their guests are safe from third parties as the creativity of third party perpetrators expands.

Guest safety is not the type of situation that a hotel should wait to deal with until it is sued.  Many experts suggest conducting a legal liability audit so that a hotel might understand the risks it faces on its property.  While such an audit can be performed by a hotel’s security team, a hotel might also choose to contract out its security evaluation to an unbiased security expert or an outside risk management team with a wide range of knowledge of hotel weaknesses and potential breach points.  The Shadday case demonstrates the importance of a security audit, as it can point out the weaknesses in a hotel’s security and provide a hotel the opportunity to rectify them.

In the event a weakness or potential breach is identified, a hotel can, along with its security team, develop a comprehensive plan to address the potential liability.  Defense attorneys should remind their clients that even if there is a breach, such as a “peeping Tom” incident or a sexual assault, any steps hotel management takes in response to make its hotel safer will generally not be permitted into evidence at trial, as subsequent remedial measures are inadmissible under the rules of evidence except for the purposes of impeachment or, if disputed, to prove control or ownership.  F.R.E. 407.  Therefore, hotels should take each security breach as a learning experience with an eye toward preventing additional subsequent breaches.

Ms. Andrews’ case and the Carter case have demonstrated the importance of premises inspections.  Hotel security must regularly conduct security sweeps throughout the hotel to prevent security breaches.  Because a hotel has control of its rooms, and because hotel staff is regularly in the rooms, hotels must develop policies and procedures by which all hotel staff, no matter the rank, actively look for potential breaches.  Hotel staff must be trained to look for possible acts of voyeurism so as to prevent violations of guest privacy.

Clearly, access to guest hotel rooms is not just an issue of interest to hotel guests, as the cases in Arizona and Texas have shown.  The Arizona sexual assault victims and their attorneys are fighting to change the laws in that state.  As of September 2014, lawmakers in Arizona are working towards the enactment of laws that would require hotels to perform background checks on hotel employees who have access to hotel guests’ personal information and hotel room keys.  Hotels should, as company policy, conduct background checks for every new and current hotel employee to prevent assaults similar to those that have already taken place in Arizona and Texas.

A hotel should carefully review its entire policy regarding guest room keys.  First, and foremost, room keys should be cards that can be activated when a guest checks in and then deactivated when a guest checks out.  A hotel must also have strict policies in place as to how it distributes room keys to persons who claim to have lost their keys and must, at a minimum, require identification before distributing a key after a guest has already checked into the hotel.  Additionally, a hotel must also look at how many employees it permits access to master keys to avoid assaults like the ones in Arizona.

A hotel’s security, as Ms. Andrews’ case has also established, is not limited to physical breaches.  A hotel must also look at its guest privacy policies.  If a hotel does not already have such a plan in place, it must establish strict policies to never provide the personal information of a registered guest or reveal the room in which a guest is staying.  Additionally, a hotel should ensure that it has a policy in place of not blindly accepting requests to be placed in hotel rooms next to other hotel guests.  Furthermore, if it has not already done so, a hotel should institute a policy and procedure that requires that a hotel guest be notified by hotel staff if someone wishes to speak with him over the phone or wishes to be placed in a room next to him or her.

Hotel security will never be perfect.  However, hotels do have a duty to their guests to provide them with safe accommodations.  Therefore, it is up to hotels to evolve with technology and breaches in security to provide the safest possible accommodations based upon the foreseeability of risks that may arise during a guest’s stay.  It is time to turn the mirror around on “Tom.”


Make a colleague's day: Forward this article.

View All Insights

Stay Connected

Join our e-newsletter for the latest
from Johnson & Bell.

Related Attorney(s)

Related Service(s)

Related Industry Sector(s)

Johnson & Bell

33 West Monroe Street
Suite 2700
Chicago, Illinois
© 2022 Johnson & Bell, Ltd. All Rights Reserved.