Modernizing Hotel Security Protocols To Protect Against 21st Century Threats

From a January 2019 attack on a luxury hotel in Nairobi, Kenya, to attempted bombings and shootings at high-profile hotels in the United States, industry executives and security experts are now grappling with the fact that terrorists and other bad actors have identified hotels and hospitality venues as targets.

In the wake of these attacks, questions abound regarding what should be done to limit or prevent similar attacks in the future. These questions are raised even as the hospitality industry devotes significant time and resources toward examining and updating existing security protocols, safety measures, and various technologies that can be used to help secure hospitality facilities.

However, even with this diligent review, the unfortunate reality is that in any instance where terrorists commit violent acts, it is the hospitality facilities that face litigation alleging that they failed to provide “reasonable” or “adequate” security. And, with the absence of a clear standard of care, facility owners and operators are then mired in an expensive, protracted, and uncertain legal battle over whether they indeed “did enough.”

To mitigate this risk, industry experts recommend enhancing security measures and procuring substantial insurance policies. To complement these efforts, hospitality facility owners and operators should also consider another method to minimize the liability risks associated with litigation following a terrorist attack: the Support Anti-Terrorism by Fostering Effective Technologies Act of 2002, or the SAFETY Act.


Administered by the Department of Homeland Security (DHS), the SAFETY Act is a post-9/11 anti-terror measure enacted by Congress. Under the federal law, companies that manufacture or sell security products or services or deploy their own internal security programs may apply to DHS for significant legal protections that kick in should their security product or program be the subject of a lawsuit following an act of terrorism.

To secure these SAFETY Act protections, companies may choose to apply to DHS. DHS then performs a rigorous examination of the security product or program to determine that it is effective and useful in identifying, deterring, preventing, or mitigating a terrorist attack.

There are two forms of liability protections available under the SAFETY Act: Designation awards and Certification awards. If a security product or program is “Designated,” then third-party tort damages are capped should the provider of the product/program be sued following an act of terror. If the product or program is “Certified,” then the provider may seek immediate dismissal of liability claims arising out of or related to the terrorist attack. For all awards, the SAFETY Act bars punitive damages and prejudgment interest and provides exclusive federal jurisdiction of SAFETY-Act claims. SAFETY Act liability protections also “flow down” to all the customers that buy or use the awarded product or program.

There are two ways hospitality and entertainment facility owners and operators can successfully utilize SAFETY Act protections. First, they can submit an application for the security services they themselves provide at their facilities. Those applications can cover internal risk management procedures, security technology purchases, security awareness training, and in-house security staff.

The second way to take advantage of the SAFETY Act is by purchasing SAFETY Act-awarded products and hiring SAFETY Act-awarded security vendors. In this case, the owners and operators benefit from “flow down” protections because, under the law, any claims following a terror attack relating to the alleged performance or non-performance of the security product or vendor may only be brought against the holder of the SAFETY Act award, not the end customer.

Here’s how these protections would work: If a hotel hires an outside security guard company that holds a SAFETY Act award and then suffers a terrorist attack, the security guard company will be the only proper defendant in ensuing claims that the company failed to properly perform its duties. The hotel owner/operator, meanwhile, could not be sued for the alleged inadequacies of the security guard company, as the SAFETY Act bars such claims.

To date, few in the hospitality industry have sought out the protections of the significant risk management tools available under the SAFETY Act. Given the current threat environment, as well as the staggering costs associated with a terrorist attack, hospitality venue owners and operators should carefully investigate whether the SAFETY Act can form a core component of their risk management programs.

Not all hotels or venues will be eligible for SAFETY Act protections, as DHS will only approve applications containing robust and well-documented security policies and procedures. However, there are still many locations with sophisticated security protocols in place that could see significant benefits from the law’s legal protections. Even smaller sites that are unable to qualify for their own award could mitigate risk by contracting with SAFETY Act-approved security vendors.

By addressing risks now, the industry can be better prepared to deal with future attacks and litigation, protecting everyone.


Pillsbury senior associate Aimee P. Ghosh and associate Nathalie Prescott also contributed to this article.

Brian E. Finch is a partner in Pillsbury’s Public Policy practice in Washington, D.C. He has extensive regulatory and government affairs advocacy experience and is a recognized authority on global security and cybersecurity threats. Zachary M. Kessler is an associate in Pillsbury’s Public Policy practice in Washington, D.C. He represents clients on a variety of policy issues, including cybersecurity and government affairs.